IDS and IPS in the Cloud
HIDS, HIPS, NIDS, NIPS — what’s the difference, and why does it matter?
I’ve been getting several questions lately about an IDS or IPS in the cloud. Many of the questions have revolved around packet capture and network-based solutions since that has been one of the biggest challenges in cloud environments and something I wrote a security white paper about in 2017. On a recent consulting call, I incorrectly thought that was the topic of a question, but then I realized the customer was asking about host-based solutions. Additionally, when I looked at some cloud vendor pages on the topic, I only saw host-based solutions. I thought this would be a good time to explain the differences, pros, and cons of these different types of IDS and IPS solutions.
First of all, what is an IDS or an IPS? Here’s a quick explanation: