What an IPS does
An IPS inspects network traffic and compares it against a database of known attack signatures (most products layer protocol anomaly checks on top, but signature matching is the core). When a signature matches, the IPS takes the action the rule requests: drop the packet, reset the TCP connection, or raise an alert for operators. Placement decides what is actually possible. Deployed inline (as a bump in the wire or as part of a firewall), the IPS sees each packet before it is forwarded and can block it; deployed out of band on a SPAN port or tap, it sees a copy after the packet has already been delivered, so it can alert but not prevent (the classic IDS model). The trade-off against false positives is unavoidable: a signature broad enough to catch evasions will also fire on some legitimate traffic, and in blocking mode that disrupts real users. In practice, new rule sets are introduced in alert-only mode, tuned with suppressions and per-signature overrides, and only then switched to deny, with that tuning revisited as signatures are updated.
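The mechanism above, as an added worked model rather than code from the page or from any IPS product: a small signature engine with the three actions the text names, a monitor-only mode that mirrors out-of-band placement, an inline deny mode, and the two tuning knobs (per-host suppression and per-signature demotion) used to handle the false positive in the sample. The rule syntax, signature IDs, IP addresses and packets are all constructed for the illustration.

```python
"""Toy signature-based IPS engine: signature match -> pass/alert/drop/reset,
with an inline (deny) mode, a monitor-only (alert) mode and two false-positive
tuning knobs. Rules, signature IDs and traffic are constructed; not vendor code."""
import re
from dataclasses import dataclass
from enum import Enum
from typing import Optional

class Mode(Enum):
    OFF = "off"      # inspection disabled
    ALERT = "alert"  # out-of-band / monitor: log matches, never touch traffic
    DENY = "deny"    # inline: act on matches before the packet is forwarded

class Action(Enum):
    PASS = "pass"    # forwarded untouched
    ALERT = "alert"  # forwarded, alert raised
    DROP = "drop"    # silently discarded
    RESET = "reset"  # discarded and the TCP connection torn down

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes

@dataclass(frozen=True)
class Signature:
    sid: int                 # constructed IDs, not real vendor signature IDs
    msg: str
    proto: str
    dport: Optional[int]     # None = any destination port
    pattern: re.Pattern      # compiled regex applied to the raw payload
    action: Action           # response requested when the IPS is inline

# Constructed rule set. Rule 1 deliberately uses \W+ rather than \s+ so that
# "union/**/select" and "union+select" evasions are caught; that same breadth is
# what makes it fire on benign traffic below. Rule 3 matches Modbus/TCP function
# code 0x06 (Write Single Register) at offset 7, just after the 7-byte MBAP header.
SIGNATURES = (
    Signature(1000001, "SQLi: UNION SELECT in HTTP request", "tcp", 80,
              re.compile(rb"union\W+select", re.I), Action.DROP),
    Signature(1000002, "Path traversal in HTTP request", "tcp", 80,
              re.compile(rb"\.\./\.\./"), Action.RESET),
    Signature(1000003, "Modbus/TCP Write Single Register", "tcp", 502,
              re.compile(rb"^.{7}\x06", re.S), Action.ALERT),
)

class Ips:
    def __init__(self, signatures=SIGNATURES, mode=Mode.DENY, overrides=None, suppress=()):
        self.signatures = signatures
        self.mode = mode
        self.overrides = dict(overrides or {})  # sid -> Action: e.g. demote DROP to ALERT
        self.suppress = set(suppress)           # (sid, dst): ignore a rule for one host
        self.alerts = []                        # (sid, src, dst) tuples

    def decide(self, pkt: Packet) -> Action:
        # First matching signature wins, mirroring ordered rule evaluation.
        if self.mode is Mode.OFF:
            return Action.PASS
        for sig in self.signatures:
            if sig.proto != pkt.proto or (sig.dport is not None and sig.dport != pkt.dport):
                continue
            if (sig.sid, pkt.dst) in self.suppress or not sig.pattern.search(pkt.payload):
                continue
            self.alerts.append((sig.sid, pkt.src, pkt.dst))
            if self.mode is Mode.ALERT:
                return Action.ALERT  # out-of-band: the packet has already gone past us
            return self.overrides.get(sig.sid, sig.action)
        return Action.PASS

    def process(self, packets):
        # Split traffic into (forwarded, blocked) as an inline device would.
        forwarded, blocked = [], []
        for pkt in packets:
            (blocked if self.decide(pkt) in (Action.DROP, Action.RESET) else forwarded).append(pkt)
        return forwarded, blocked

# Constructed traffic: two attacks on a web server, one OT write, and a benign
# search on a docs host whose query string trips the SQLi rule (false positive).
SAMPLE = [
    Packet("203.0.113.5", "10.0.0.10", "tcp", 80, b"GET /item?id=1 UNION SELECT password FROM users HTTP/1.1"),
    Packet("203.0.113.5", "10.0.0.10", "tcp", 80, b"GET /../../etc/passwd HTTP/1.1"),
    Packet("10.0.5.20", "10.0.9.1", "tcp", 502, b"\x00\x01\x00\x00\x00\x06\x01\x06\x00\x10\x00\x2a"),
    Packet("198.51.100.7", "10.0.0.20", "tcp", 80, b"GET /docs/search?q=sql+union+select+tutorial HTTP/1.1"),
]

def run(mode: Mode, overrides=None, suppress=()):
    # Returns (forwarded, blocked, alerts) counts for SAMPLE under the given tuning.
    ips = Ips(mode=mode, overrides=overrides, suppress=suppress)
    forwarded, blocked = ips.process(SAMPLE)
    return len(forwarded), len(blocked), len(ips.alerts)

if __name__ == "__main__":
    print("alert (out-of-band)", run(Mode.ALERT))                                  # (4, 0, 4)
    print("deny (inline)      ", run(Mode.DENY))                                   # (1, 3, 4)
    print("deny + suppression ", run(Mode.DENY, suppress={(1000001, "10.0.0.20")}))  # (2, 2, 3)
```

In alert mode every packet is forwarded and the four matches are only logged; switching the same rules to deny blocks both attacks but also the benign docs search. Suppressing the SQLi signature for the docs host alone keeps the attack on 10.0.0.10 blocked, whereas demoting the signature globally (`overrides={1000001: Action.ALERT}`) lets the real attack through as well, which is why per-host tuning is preferred over blanket downgrades. The Modbus rule is alert-only even in deny mode, the usual posture for OT traffic where a dropped write can stop a process.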
IPS in Australian tenants today
Many AU mid-market organisations now get IPS functionality from their next-generation firewall rather than a separate appliance; in Azure, Firewall Premium ships integrated IDPS that can run in alert-only or alert-and-deny mode, with signature overrides and bypass lists for tuning. In industrial control system (ICS) and operational technology (OT) environments, the Security of Critical Infrastructure Act 2018 (SOCI Act), as expanded by its 2021 and 2022 amendments, places positive security obligations on responsible entities, including risk management programs and cyber incident reporting. The Act does not prescribe a particular technology, but an IPS is a practical control for the cyber hazards those programs must address, particularly for blocking known exploit traffic aimed at OT assets that cannot be patched quickly. Deploying one inline in OT calls for care: an inline device adds latency and a failure point (fail-open versus fail-closed must be decided deliberately), signatures for industrial protocols need people who understand the process they protect, and rules should run in alert-only mode against real plant traffic before anything is switched to block.