IPS/IDS

IPS (intrusion prevention system) and IDS (intrusion detection system) are specialized software, often known as 4th generation firewalls.

They have the following basic motivation and features:

  • Similar to antivirus software, apply heuristics and/or recognize known "bad" patterns (signatures), such as malware traveling across the network
  • Detect anomalies by comparing traffic against a baseline that is learned automatically (machine learning)

An IDS monitors the network for potential intrusions but does not block traffic itself. If anomalies are detected, alerts are sent (email, SMS to the IT security team, etc.)

An IPS offers the same detection functionality as an IDS and adds response capabilities, such as actively blocking the offending traffic.

Both pieces of software can provide effective help in mitigating attacks that would traditionally be impossible to protect against, such as DDoS (distributed denial of service) attacks.

Custom Configuration

The IPS in each security gateway should contain signatures for detecting and blocking known attacks against the specific versions of the operating systems and web servers on which the GK services run.

The IPS should also support prevention of DoS attacks carried out by flooding or by exploiting specific vulnerabilities. It should employ configurable heuristics for DDoS detection and prevention based on controlling the density of network traffic directed at the enterprise VPC that contains the GK services (e.g. by rate-limiting traffic). The cloud provider's auto-scaling infrastructure should also be configured so that services are not brought down by spikes in network traffic.
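As an added illustration of the rate-based DDoS heuristic described above (example code written for this page, not part of the GK design or of any product), the following Python replays a constructed connection log through a sliding-window per-source rate check and shows the difference between IDS behaviour (alert only) and IPS behaviour (alert and block). The addresses, threshold and window are assumed values.

```python
from collections import defaultdict, deque

# Constructed sample connection log: (timestamp in seconds, source IP).
# 10.0.0.5 is a normal client; 203.0.113.9 (assumed attacker) opens
# eight connections within a single second.
SAMPLE_LOG = [
    (0.0, "10.0.0.5"), (0.5, "10.0.0.5"),
    (1.0, "203.0.113.9"), (1.1, "203.0.113.9"), (1.2, "10.0.0.5"),
    (1.2, "203.0.113.9"), (1.3, "203.0.113.9"), (1.4, "203.0.113.9"),
    (1.5, "203.0.113.9"), (1.6, "203.0.113.9"),
    (2.0, "10.0.0.5"), (2.5, "203.0.113.9"),
]

class RateHeuristic:
    """Sliding-window per-source rate heuristic. A source trips it when
    more than `threshold` events fall inside `window` seconds.
    mode="ids": alert only. mode="ips": alert and block further traffic."""

    def __init__(self, threshold, window, mode="ids"):
        self.threshold, self.window, self.mode = threshold, window, mode
        self.events = defaultdict(deque)   # source -> recent timestamps
        self.blocked = set()
        self.alerts = []                   # (timestamp, source, count)

    def observe(self, ts, src):
        """Classify one event as 'allow', 'alert' or 'block'."""
        if src in self.blocked:
            return "block"                 # IPS: already-blocked source
        recent = self.events[src]
        recent.append(ts)
        while recent and ts - recent[0] > self.window:
            recent.popleft()               # expire events outside window
        if len(recent) > self.threshold:
            self.alerts.append((ts, src, len(recent)))
            if self.mode == "ips":
                self.blocked.add(src)
                return "block"
            return "alert"
        return "allow"

def run(log, mode, threshold=5, window=1.0):
    """Replay a log through the heuristic; return (decisions, heuristic)."""
    h = RateHeuristic(threshold, window, mode)
    return [h.observe(ts, src) for ts, src in log], h

if __name__ == "__main__":
    for mode in ("ids", "ips"):
        decisions, h = run(SAMPLE_LOG, mode)
        print(mode, decisions, "blocked:", sorted(h.blocked))
```

In IDS mode the flooding source only produces alerts and its later traffic is still allowed once its rate drops; in IPS mode the same source is blocked from the first violation onward, while the normal client is never affected.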