Threat management continues to be a top priority, and it is more important than ever for cash-strapped businesses to fully understand the functionality of intrusion detection systems to ensure they buy the right solution.

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are a particularly confusing area because the products are so similar, the vendors are all the same, and even the acronyms are hard to tell apart.

What is an IDS?

An IDS is a visibility tool. Intrusion Detection Systems sit off to the side of the network, monitoring traffic at many different points, and provide visibility into the security posture of the network. A good analogy is to compare an IDS with a sewer inspector. A sewer inspector looks deep into the sewers to see what is happening, sometimes in excruciating detail. An IDS is a “protocol analyzer” for the security engineer. The IDS looks deep into the computer network and can see what is happening from the security point of view in near real time.

In the hands of a competent and well-trained security analyst, the IDS becomes a window into the network. The information provided by the IDS will help the security and network management teams uncover:

  • Security policy violations, such as systems or users who are running applications against policy

  • Infections, such as viruses or Trojan horses that have partial or full control of internal systems, using them to spread infection and attack other systems

  • Information leakage, such as running spyware and key loggers, as well as accidental information leakage by valid users

  • Configuration errors, such as applications or systems with incorrect security settings or performance-killing network misconfiguration, as well as misconfigured firewalls where the rule set does not match policy

  • Unauthorized clients and servers including network-threatening server applications such as DHCP or DNS service, along with unauthorized applications such as network scanning tools or unsecured remote desktop.
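The last item above, as an added example that is not part of the original article: a passive check that flags hosts answering as DHCP or DNS servers without being on an approved list. The flow-record format, the addresses and the `AUTHORIZED` policy are all constructed assumptions for illustration.

```python
from collections import defaultdict

# Assumed site policy (hypothetical values): which hosts may offer each service.
AUTHORIZED = {
    "dhcp": {"10.0.0.2"},
    "dns": {"10.0.0.2", "10.0.0.3"},
}
# Server-side (source) port and protocol that identify a reply from each service.
SERVICE_PORTS = {("udp", 67): "dhcp", ("udp", 53): "dns", ("tcp", 53): "dns"}

# Constructed flow records as a passive sensor might export them:
# "timestamp proto src_ip:src_port dst_ip:dst_port"
SAMPLE_FLOWS = """\
2024-01-01T09:00:01 udp 10.0.0.2:67 255.255.255.255:68
2024-01-01T09:00:02 udp 10.0.0.3:53 10.0.1.15:51514
2024-01-01T09:00:05 udp 10.0.1.77:67 255.255.255.255:68
2024-01-01T09:00:09 udp 10.0.1.15:51515 10.0.0.3:53
2024-01-01T09:00:11 udp 10.0.1.42:53 10.0.1.15:40022
2024-01-01T09:00:12 udp 10.0.1.77:67 10.0.1.20:68
not a flow record
"""

def parse_flow(line):
    """Return (proto, src_ip, src_port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    _, proto, src, _ = parts
    ip, sep, port = src.rpartition(":")
    if not sep or not port.isdigit():
        return None
    return proto.lower(), ip, int(port)

def find_unauthorized_servers(flow_text, authorized=AUTHORIZED):
    """Map service -> {ip: reply count} for hosts answering without authorization."""
    alerts = defaultdict(lambda: defaultdict(int))
    for line in flow_text.splitlines():
        parsed = parse_flow(line)
        if parsed is None:
            continue  # skip malformed input rather than abort the whole pass
        proto, ip, port = parsed
        service = SERVICE_PORTS.get((proto, port))
        if service and ip not in authorized.get(service, set()):
            alerts[service][ip] += 1
    return {svc: dict(hosts) for svc, hosts in alerts.items()}

if __name__ == "__main__":
    for service, hosts in find_unauthorized_servers(SAMPLE_FLOWS).items():
        for ip, count in sorted(hosts.items()):
            print(f"ALERT unauthorized {service} server {ip} ({count} replies)")
```

Matching on source port alone is a heuristic: the output is a list of candidates for an analyst to confirm, not a verdict.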

“Increased visibility into the security posture of the network is what characterises an IDS, but for the majority of companies they do not have a team to monitor the IDS and so the visibility gained is completely wasted.”

This is where we come in.