Why you need an Intrusion Prevention System (IPS) on your Workstation
Evolution to Intrusion Prevention Systems
Intrusion Prevention Systems (IPS) are the evolution of what was once the Intrusion Detection System (IDS). An IDS detected a cyber attack in progress and alerted the IT department or Information Security department so they could mitigate and deal with the attack.
An Intrusion Prevention System, which replaced the older Intrusion Detection System, detects AND takes action immediately.
If there is a signature for that particular type of attack, the IPS automatically deals with the attack without you even knowing it did and then alerts the security department. They now know that there was a cyber attack, but it was stopped and no data was compromised.
Playing Catch-Up with Cybersecurity
What happens if it’s a new form of cyber attack that hasn’t been seen before and there is no signature on how to handle it? In the industry, we’re playing catch-up. The hackers are the ones writing the game rules. We have to figure out how to beat them at their game.
The Intrusion Prevention System on your workstation will still see the attack and it will create what’s called a honeypot.
Attracting Attacks with Sweet Honey
The Intrusion Prevention System forces the hacker into a kind of safe zone or quarantine area that is spun up. This is the honeypot. It’s a virtual environment on the workstation that the hacker finds sweet and desirable because it will spit out fictitious files with tracer codes in them.
The reason we call it a honeypot is because it’s sticky. The hacker is stuck inside it and they can’t get out. They actually don’t want to leave because it’s full of juicy files they think are full of data!
The hacker wants to grab all the files that they can in hopes that they’re getting non-public information. That’s what they’re after.
What also happens is the Intrusion Prevention System will automatically create several honeypots and it puts the hacker in what’s called a honeynet. Now, the hacker jumps from honeypot to honeypot not knowing that they’re really not getting anywhere, except exactly what we want them to get.
The hacker thinks that they’re getting sweet honey, data! It will allow them to upload these files back to their computer system and install tracer code to determine exactly where they are geographically.
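The page does not say what a tracer code is made of. The added example below (not the vendor's code) assumes it is a verifiable identifier embedded in each decoy file, so defenders can recognise that file when it shows up in egress logs. The secret, file names, log format and addresses are constructed for illustration.

```python
import hashlib
import hmac
import re

# Constructed values: a per-deployment secret and the tracer code layout.
SECRET = b"constructed-demo-key"
TOKEN_RE = re.compile(r"TRC-([0-9a-f]{8})-([0-9a-f]{16})")

def _decoy_id(workstation, decoy_name):
    return hashlib.sha256(f"{workstation}/{decoy_name}".encode()).hexdigest()[:8]

def _tag(decoy_id, secret):
    return hmac.new(secret, decoy_id.encode(), hashlib.sha256).hexdigest()[:16]

def make_tracer(workstation, decoy_name, secret=SECRET):
    """Return the tracer code to embed in one decoy file."""
    did = _decoy_id(workstation, decoy_name)
    return f"TRC-{did}-{_tag(did, secret)}"

def build_decoys(workstation, names, secret=SECRET):
    """Return ({filename: content}, {decoy_id: (workstation, filename)})."""
    files, index = {}, {}
    for name in names:
        code = make_tracer(workstation, name, secret)
        files[name] = f"Account export (fictitious)\nref={code}\n"
        index[_decoy_id(workstation, name)] = (workstation, name)
    return files, index

def find_tracers(log_lines, index, secret=SECRET):
    """Return (source, workstation, filename) for each genuine tracer seen."""
    hits = []
    for line in log_lines:
        for did, tag in TOKEN_RE.findall(line):
            # Constant-time check: forged or mistyped codes are ignored.
            if hmac.compare_digest(tag, _tag(did, secret)) and did in index:
                hits.append((line.split()[0], *index[did]))
    return hits

def demo():
    # Constructed egress log: first field is the remote address.
    files, index = build_decoys("ws-042", ["payroll.csv", "clients.xlsx"])
    code = make_tracer("ws-042", "payroll.csv")
    logs = [
        "203.0.113.7 outbound-upload size=412 body=ref=" + code,
        "198.51.100.9 outbound-upload size=90 body=ref=TRC-deadbeef-0000000000000000",
        "192.0.2.15 outbound-upload size=77 body=quarterly report",
    ]
    return find_tracers(logs, index)
```

Because each code is derived from the workstation and file name, a single hit tells the security team which decoy was taken and from which machine.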
IDing the Hacker
The tracer code allows us to determine what kind of operating system they have, their patch level, type of antivirus and their WAN IP address. The WAN IP geographically locates them and pinpoints exactly where this hacker is located.
That information is now relayed up to the security professionals who will analyze it. If the hacker is foolish enough to be inside the United States or any one of the partnering countries that has an extradition treaty with the United States, this person is going to go to prison.
A signature is also developed to deal with that form of attack in the future. This signature is pushed out to every single Endpoint (computer system) that their software services.
This means that the one little attack that happened in one little workstation has now secured a million plus computers from that same attack. This is the power of having an Intrusion Prevention System on your workstation. This is why you need it and why you should have it.
As you can see, we are way beyond the point of needing just an antivirus. We need an antivirus, we need anti-malware, and we need an Intrusion Prevention System on every single workstation in order to be secure these days.
The reason is that human error is always going to exist. No matter how much training you give end users, they’re going to have a hiccup, they’re going to have a lapse in judgment, they’re going to accidentally do something that makes them say, “I shouldn’t have done that.” It’s going to happen.
What this allows us to do is make sure that those computer stations are secured. When the oops does happen, you’re not plastered in the media like Equifax. The bottom line is that a security issue that deep, where 100% of data is compromised, is inexcusable and completely avoidable.
At 24×7 Protect IT, Inc., our highest tier of service includes information security services as a part of our monthly monitoring. With that, we include our Intrusion Prevention System on your workstation, network and server. We also monitor and help support it. If you ever have any issues or questions, give us a call. We’re here to help you do business; securely.