FIDP-07

Have you implemented an intrusion prevention system (network-based)?

Explanation

This question asks whether your organization has implemented a network-based intrusion prevention system (IPS). An IPS is a security technology that monitors network traffic for suspicious activity and takes automated preventive actions when threats are detected. Unlike an intrusion detection system (IDS), which only detects and alerts, an IPS actively blocks or prevents the suspicious activity. The 'network-based' qualifier means the system monitors traffic at the network level rather than on individual hosts.

This question is asked in a security assessment because an IPS is considered a critical security control that helps protect networks from various attacks such as malware, exploits, and unauthorized access attempts. It provides an active defense mechanism that can stop attacks in real time before they reach their targets.

To best answer this question, you should:

1. Clearly state whether you have implemented a network-based IPS
2. Provide details about the specific IPS solution(s) you use
3. Mention where in your network architecture the IPS is deployed (e.g., at network perimeter, between network segments)
4. Include information about how the IPS is managed, monitored, and updated
5. If applicable, note any compliance requirements the IPS helps you meet

Example Responses

Example Response 1

Yes, we have implemented a network-based intrusion prevention system. We use Palo Alto Networks' Next-Generation Firewalls with IPS capabilities deployed at our network perimeter and between critical network segments. The IPS functionality is configured to automatically block known malicious traffic patterns and exploits. Our security operations team monitors IPS alerts 24/7 and regularly updates the threat signatures. The system is tuned to minimize false positives while maintaining protection against the latest threats. We conduct quarterly reviews of our IPS rules and effectiveness as part of our security program.

Example Response 2

Yes, we utilize Cisco Firepower IPS as our network-based intrusion prevention system. The solution is deployed inline at our internet edge and between our production and corporate networks. We have implemented a defense-in-depth strategy where the IPS works in conjunction with our next-gen firewalls and endpoint protection. Our IPS is configured in prevention mode for known threats and detection mode for potential zero-day exploits. The system automatically receives daily signature updates, and our security team reviews alerts and tunes rules weekly. We also conduct monthly penetration tests to verify the effectiveness of our IPS implementation.

Example Response 3

No, we have not yet implemented a network-based intrusion prevention system. Currently, we rely on our next-generation firewalls for basic traffic filtering and an intrusion detection system (IDS) that alerts our security team to suspicious activity but does not automatically block threats. We recognize this as a gap in our security controls and have included the implementation of a network-based IPS in our security roadmap for the next quarter. In the interim, we have compensating controls including enhanced endpoint protection, regular vulnerability scanning, and 24/7 security monitoring to help mitigate the risk.

Context

Tab: Infrastructure
Category: Firewalls, IDS, IPS, and Networking

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub