Enterprise Cloud Security and Governance

IPS in a cloud environment

The preceding firewall | IPS | servers architecture is generally not possible in a cloud environment such as AWS. In such cases, a slightly different approach is used, called the Agent–Server approach.

In this type of deployment, an IPS agent is installed on each server. The agents monitor the network traffic and communicate with the central IPS server. In the following diagram, IDS/IPS agents are installed on the EC2 instances themselves:

These agents are responsible for scanning the data packets for malicious code. The agents communicate directly with the central IDS/IPS server to download the latest signatures and settings as configured by the system administrator.
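The Agent–Server flow described above, as an added sketch that is not code from the book or from any IPS product: the class names, the in-process "server", the two signatures and the sample payloads are all constructed assumptions. It shows an agent that has not yet synced missing a payload that the same agent flags once it has downloaded the current signatures and settings.

```python
import re

class CentralServer:
    """Stand-in for the central IDS/IPS server (hypothetical, in-process)."""
    def __init__(self):
        self.version, self.signatures, self.mode = 0, {}, "detect"

    def publish(self, signatures, mode):
        # The administrator pushes a new signature set and agent settings.
        self.signatures, self.mode = dict(signatures), mode
        self.version += 1

    def bundle(self):
        return {"version": self.version, "signatures": self.signatures, "mode": self.mode}

class Agent:
    """Agent on one instance: syncs from the server, inspects local payloads."""
    def __init__(self, host, server):
        self.host, self.server = host, server
        self.version, self.rules, self.mode = -1, [], "detect"

    def sync(self):
        b = self.server.bundle()
        if b["version"] == self.version:
            return False                      # already current
        self.rules = [(name, re.compile(rx)) for name, rx in b["signatures"].items()]
        self.mode, self.version = b["mode"], b["version"]
        return True

    def inspect(self, payload):
        hits = [name for name, rx in self.rules if rx.search(payload)]
        if not hits:
            return ("allow", [])
        # "prevent" drops the packet (IPS); "detect" only raises an alert (IDS).
        return ("block" if self.mode == "prevent" else "alert", hits)

# Constructed sample data: signature names, patterns and payloads are illustrative.
SIGNATURES = {
    "eicar-test-string": rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE",
    "path-traversal": rb"(\.\./){2,}",
}
TRAVERSAL = b"GET /static/../../../secret.txt HTTP/1.1\r\n"
BENIGN = b"GET /index.html HTTP/1.1\r\n"

def run_demo():
    server = CentralServer()
    agent = Agent("instance-a", server)
    server.publish(SIGNATURES, "prevent")
    stale = agent.inspect(TRAVERSAL)          # agent has not synced yet
    agent.sync()
    return stale, agent.inspect(TRAVERSAL), agent.inspect(BENIGN)

if __name__ == "__main__":
    print(run_demo())
```

Because each agent enforces only what it last downloaded, the signature version every agent reports is worth monitoring centrally.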