Utilizing IDS and IPS to Improve Cybersecurity Monitoring Process
Sokroeurn Ang, Sopheaktra Huy, Midhunchakkaravarthy Janarthanan
Abstract
Intrusion detection system (IDS) and intrusion prevention system (IPS) are crucial for protecting cyberattacks that target organizational information systems, IDS is focusing on detecting cyberattacks while IPS is focusing on preventing cyberattack. The research examines the limitations of IDS and IPS in detecting and preventing threats, highlighting that both systems rely on signature and anomaly-based detection methods. However, these detection techniques require significant enhancements, as current implementations in IDS and IPS may not effectively address all threats. The main objective of this study is to discover the limitation feature of IDS and IPS in detecting and preventing threats. The data collection and analysis are using a combination of quantitative and qualitative approaches, based on an in-depth review of research and review articles. The analysis shows that attackers can exploit information systems due to the absence of latest signatures and anomaly-based detection in intrusion detection systems (IDS) and intrusion prevention systems (IPS). The findings recommend that cybersecurity professionals should regularly update and verify both signature-based and anomaly-based detection mechanisms, as well as implement both network-based and host-based level to ensure that IDS and IPS can effectively detect and prevent threats in real time.