A “deep packet inspection” (DPI) system is a device that can decode network traffic and look at the contents or payload of that traffic. Deep packet inspection is typically used by intrusion detection systems (IDS), intrusion prevention systems (IPS), advanced firewalls and many other specialized cyber security products to detect signs of attack.
Intrusion Detection Systems can detect and alert, but do not block or reject bad traffic. Intrusion Prevention Systems can block traffic.
Industrial networks must maintain high availability, which makes general-purpose IPS appliances less common on critical networks (e.g., an IPS may incorrectly block legitimate traffic and hamper productivity); IPS is more often applied at upper-level networks where high availability (typically >99.99%) is not such a high priority.
Most modern intrusion prevention systems can be used as intrusion detection systems by configuring the IPS to alert on threat detection, but not to drop traffic. Because of this, the term “IPS” is now commonly used to refer to both IDS and IPS. The way it is configured and deployed indicates whether it is a “passive” IDS or an “active” IPS.
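The sketch below is an added example, not part of the original page or any product's code. It shows the two ideas together: decoding past the IPv4 and TCP headers to reach the payload, and letting the same engine behave as a passive IDS or an active IPS depending on its mode. The signature, addresses, ports and function names are constructed for illustration.

```python
import struct

# Constructed signature for this example only: a byte pattern treated as suspicious.
SIGNATURES = {b"/etc/passwd": "constructed-rule-1: sensitive path in payload"}

def build_packet(payload: bytes, dport: int = 80) -> bytes:
    """Build a minimal IPv4+TCP packet (constructed sample, checksums zeroed)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    return ip + tcp + payload

def extract_tcp_payload(packet: bytes):
    """Walk the IPv4 and TCP headers to reach the application payload."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                                  # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4                     # IP header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 6 or ihl < 20 or len(packet) < ihl + 20 or total_len > len(packet):
        return None                                  # not TCP, or truncated
    data_offset = (packet[ihl + 12] >> 4) * 4        # TCP header length in bytes
    if data_offset < 20 or ihl + data_offset > total_len:
        return None
    return packet[ihl + data_offset:total_len]

def inspect(packet: bytes, mode: str):
    """Return (verdict, alerts). mode is 'ids' (passive) or 'ips' (active)."""
    if mode not in ("ids", "ips"):
        raise ValueError("mode must be 'ids' or 'ips'")
    payload = extract_tcp_payload(packet)
    if payload is None:
        # Undecodable traffic is forwarded: a fail-open, availability-first
        # choice made for this example, not a universal default.
        return "forward", []
    alerts = [name for sig, name in SIGNATURES.items() if sig in payload]
    if alerts and mode == "ips":
        return "drop", alerts                        # active: alert and block
    return "forward", alerts                         # passive: alert only

if __name__ == "__main__":
    sample = build_packet(b"GET /../../etc/passwd HTTP/1.1\r\n\r\n")
    for mode in ("ids", "ips"):
        print(mode, inspect(sample, mode))
```

The same packet raises the same alert in both modes; only the verdict differs, which is the configuration difference between a passive IDS and an active IPS.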
Image source: OKTA (okta.com/identity-101/ids-vs-ips/)