Test My IPS
There are many reasons for a security team to test their Intrusion Prevention System (IPS). The two main reasons are running a product bakeoff and making sure the existing IPS works.
But first, what is an Intrusion Prevention System? And how does it work?
An Intrusion Prevention System monitors a network for malicious activity like security threats or policy violations.
Intrusion Prevention Systems are similar to intrusion detection systems (IDS), but they do more than just monitor the network and system traffic. After the IPS identifies suspicious activity, it logs the information, tries to block the malicious activity, and then reports it.
An IPS is able to act automatically on all network traffic flows, for example by alerting administrators, dropping malicious packets, and restarting connections.
Intrusion Prevention Systems can be implemented as a hardware device or software. They’re usually located behind a firewall and act as another filter or layer on the network.
The four common types of Intrusion Prevention Systems are:
- Network-based Intrusion Prevention System (NIPS)
  - Searches for suspicious traffic by reviewing protocol activity
- Wireless Intrusion Prevention System (WIPS)
  - Reviews wireless networking protocols
- Network behavior analysis (NBA)
  - Locates threats that cause unusual traffic flows, including distributed denial of service (DDoS) attacks and policy violations
- Host-based Intrusion Prevention Systems (HIPS)
  - Software package that looks into suspicious activity occurring within a single host
Having an effective IPS is valuable for detecting malicious activity on networks, but how can you be sure that your IPS is functioning as intended?
Threatcare’s Breach and Attack Simulation platform makes it easy to test your IPS by creating activity that looks like unusual traffic flows, policy violations, and more. If you haven’t already downloaded the app, download it here.
Threatcare is built on the MITRE ATT&CK framework, helping your team standardize its testing practices.
Step-by-Step Guide to Testing Your IPS with Threatcare
Step 1. Navigate to the Playbooks tab in the Threatcare app.
Step 2. Once you’ve located the Playbooks tab, click on the MITRE ATT&CK Exfiltration playbook to run it.
Step 3. Review the results. If you’re using the free version of Threatcare, you’ll be able to review the results of the MITRE ATT&CK Exfiltration playbook in the console on the Techniques tab.
Step 4. Click on the Events tab. Users who pay for Threatcare Pro can review detailed results and artifacts related to the MITRE ATT&CK Exfiltration playbook run by clicking the “View Details” button on the Events tab.
Step 5. Generate a report. Generating reports will support your analysis efforts and assist with log correlation. To generate a detailed report, navigate to the Events tab, check the boxes to the left of the events you’d like to include in the report, and click the “Download Report” button.
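The log correlation mentioned in Step 5 can be scripted. The following is an added example, not Threatcare's code: it matches each simulated event against IPS alerts by flow and time window and reports whether the event was blocked, only alerted on, or missed. The CSV column layouts, event IDs, addresses and the `load`, `flow` and `correlate` helpers are assumptions made for this example, not the format of Threatcare's report or of any IPS log.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample data. The column layouts are assumptions for this
# example, not Threatcare's report format or any IPS vendor's log format.
SIM_REPORT = """event_id,time,src_ip,dst_ip,dst_port
E1,2024-01-10T10:00:05,10.0.0.5,203.0.113.10,21
E2,2024-01-10T10:01:10,10.0.0.5,203.0.113.10,443
E3,2024-01-10T10:02:30,10.0.0.5,203.0.113.20,53
"""
IPS_ALERTS = """time,action,src_ip,dst_ip,dst_port
2024-01-10T10:00:07,drop,10.0.0.5,203.0.113.10,21
2024-01-10T10:02:31,alert,10.0.0.5,203.0.113.20,53
2024-01-10T11:30:00,drop,10.0.0.9,203.0.113.10,443
"""

def load(text):
    """Parse CSV text into dicts with 'time' converted to datetime."""
    rows = list(csv.DictReader(io.StringIO(text.strip())))
    for row in rows:
        row["time"] = datetime.fromisoformat(row["time"])
    return rows

def flow(row):
    """Flow key used to match a simulated event to an IPS alert."""
    return (row["src_ip"], row["dst_ip"], row["dst_port"])

def correlate(events, alerts, skew=timedelta(seconds=30)):
    """Return {event_id: 'blocked' | 'alerted only' | 'missed'}.

    An alert matches when it has the same flow key and falls within `skew`
    of the event, which tolerates clock drift between the two systems.
    """
    verdicts = {}
    for ev in events:
        actions = {a["action"] for a in alerts
                   if flow(a) == flow(ev) and abs(a["time"] - ev["time"]) <= skew}
        if "drop" in actions:
            verdicts[ev["event_id"]] = "blocked"
        elif actions:
            verdicts[ev["event_id"]] = "alerted only"
        else:
            verdicts[ev["event_id"]] = "missed"
    return verdicts

if __name__ == "__main__":
    for event_id, verdict in correlate(load(SIM_REPORT), load(IPS_ALERTS)).items():
        print(event_id, verdict)
```

Events reported as "missed" or "alerted only" are the ones to follow up on in the IPS policy.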
Threatcare’s automated Breach and Attack Simulation solutions and highly experienced Services Team provide real-time insights and actionable recommendations that enable you to build, measure, and maintain a strong cybersecurity program as your organization scales.
Visit www.threatcare.com or call +1-833-365-CARE for more information.