10-17-2016 02:24 AM - edited 03-10-2019 06:41 AM
What is the different between End-point IPS and Network IPS?
10-17-2016 02:54 AM
As the name suggests, its mostly a security software installed on endpoint which is a PC and network IPS is something which works at network level with firewall etc.
You might be referring to endpoint AMP (FireAMP) which works on individual PC and network AMP which works at network level on traffic passing through firepower devices.
Thanks
Yogesh
11-13-2016 10:27 PM
Basic difference understood... But what type of vulnerabilities are covered separately by each of these devices? And do they work in sync with each other? From where can I get all this basic information?
11-14-2016 09:44 AM
Network-based and Host-based IPS complement each other. Since many threats cannot be detected by scanning only the network stream, additional security on the endpoint is very important. Take ransomware for example. The file could be morphed so IPS will not detect the file by its hash but host-based ips will be able to determine it is indeed a threat by analyzing the process behaviour.
As to where you can get this "basic" information... Google. There are many books, blog posts and opensource products like snort (which is also used in Cisco Firepower) that can help you get started.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide