Intrusion Prevention System Benefits

  • Fewer security incidents. While connected units typically do not notice any changes, the IPS ensures less disruption for university systems and a reduced number of security incidents.
  • Selective logging. The IPS only records network activity when it takes action, maintaining the privacy of network users.
  • Privacy protection. The IPS compares network traffic against a list of known malicious traffic and does not store or view content. 
  • Reputation-managed protection. The IPS subscribes to a reputation-based list of known malicious sites and domains, which it uses to proactively protect the university.
    Example: Phishing or Malware attempts: If a university staff member clicks on a link in a phishing email or a malware ad for a site that is on the IPS denylist of known malicious sites, traffic would be blocked and the staff member would see a blank page.
  • Multiple threat protection. The IPS offers zero-day threat protection, mitigates brute force password attempts, and provides protection against availability threats, such as DDoS and DoS attempts.
    Example: Brute Force Password Attempt: If a criminal attempts to gain access to a university account through brute force (e.g., repeated login attempts), the IPS can monitor the size of the data movements, recognize unusual patterns, and block access.
  • Dynamic threat response. The IPS can be fine-tuned to recognize and respond to particular threats, allowing the university to react to identified threats to university business.
Note: This is not appropriate for all networks. The IPS covers most Ann Arbor campus networks, excluding the Health System. The IPS is not appropriate for some researchers with high-bandwidth needs or those who study malicious network traffic.  The system may slow extremely high-volume traffic or block malicious content researchers wish to study. These networks may need to be protected in other ways.