An IDS is a visibility tool. Intrusion Detection Systems sit off to the side of the network, monitoring traffic at many different points, and provide visibility into the security posture of the network. A good analogy is to compare an IDS with a sewer inspector. A sewer inspector looks deep into the sewers see what is happening, in sometimes excruciating detail. An IDS is a “protocol analyzer” for the security engineer. The IDS looks deep into the computer network and can sees what is happening from the security point of view in near real time.
In the hands of a competent and well trained security analyst, the IDS becomes a window into the network. The information provided by the IDS will help the security and network management teams uncover: