Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) are sub-types of firewalls. These devices attempt to analyze all traffic to and from your network. Most firewalls don’t do content analysis, that’s what makes IDS/IPS firewalls
Who should have this type of system?
Organizations that are legally obligated to protect their data from unauthorized disclosure should have this type of system. Or, organizations that are especially security conscious. If you’re one of the above organizations and are considering perusing this avenue, which (or both) should you do? I would personally lean towards the intrusion prevention because that’s the ultimate goal. What good would it do to detect an intruder without having the means to remove them?
There are vendors out there and a common question out there in the industry is, “What about unified threat management?” Unified Threat Management is firewall, anti-virus, anti-spam, IDS/IPS, and a deep packet analyzer all-in-one. It certainly simplifies the administrative tasks of securing the network. In some cases it could result in a vanilla solution that’s not tailored to fit your specific needs.
If you take the following example, establishing a DMZ (de-militarized zone) in your network design better protects your inter-network. Devices that get placed in the DMZ are those that you want people outside of your network to access, web servers, mail gateways ect, that also form another layer of defense for your internal network.
There are variants of network security appliances that are customizable to fit your specific needs. Contact your network administrator to find out more information about the right device for you.