Implementing IPS in the cloud
How to implement an IPS is one of the most frequently asked questions about cloud environments. Initially, Snort, one of the best-known free IPSes, was deployed in AWS using a mirroring approach: an agent installed on every EC2 instance would mirror the traffic and send it to a central Snort IPS. However, this approach led to a huge, constant spike in system resource usage, which is why people have stopped using it.
As far as IPS in the cloud is concerned, I prefer to use a commercial offering, which seems to work much better than traditional open source ones.
I have spent a lot of time evaluating many of the endpoint security products that also provide IPS functionality. In my personal opinion, Trend Micro Deep Security is one of the products that I found quite easy to use, and it offers good features along with support.
Let's go ahead and understand more about how it can fit into the overall security posture and the compliance benefits it offers.