What is what in technologies - part 2

We are continuing our enterprise security technologies series. Now you can find out more about IDS.

March 16, 2016
ids technology enterprise threat intelligence

So, what is hiding behind these magical letters? An intrusion detection system (abbreviated IDS) is a type of security software designed to automatically alert administrators when there is an attempt to access and misuse an information system through malicious activity or through security policy violations.

What does an IDS do? IDS systems identify possible incidents, then report and store them. An IDS monitors system activity and examines the system for vulnerabilities. It also focuses on file integrity and performs analysis based on known attack patterns. There is also automatic monitoring of the Internet focused on gathering information about the latest threats which could result in a future attack.

The basic approaches are network-based (NIDS) and host-based (HIDS) intrusion detection systems. NIDS systems focus on threats from the inside of the network. They are placed at a strategic point in the network to monitor traffic to and from all devices. A NIDS analyses traffic, matches the results against a library of known attacks, and then informs an administrator. Broadly, there can be online and offline NIDS systems. Online ones work in real time, analysing Ethernet packets as they apply the defined rules. Offline ones process stored data in order to decide whether there was an attack or not. HIDS systems run only on an individual host or device within the network. They monitor inbound and outbound packets from that device and alert the user or the administrator when any suspicious event is detected. A HIDS also compares snapshots of existing files with previous snapshots. HIDS are mainly used on machines which are not supposed to change their configuration.

An IDS can use more than one method of detection. In signature-based detection, a pattern or signature is compared to previous events to discover current threats. This helps to find already known threats, but not unknown or hidden ones. On the other hand, anomaly-based detection compares the definition of a normal action against the characteristics of an abnormal event.
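To make the difference between the two methods concrete, here is a small added example (not code from the original post or from any IDS product) that runs both a signature check and an anomaly check over a handful of constructed connection records. The signature library, the byte-count baseline and the event lines are all made up for illustration; note that each method catches an event the other one misses.

```python
import re
from statistics import mean, pstdev

# Constructed sample events (not from the original post), one connection record per line.
SAMPLE_EVENTS = [
    "src=10.0.0.5 dst=10.0.0.20 port=22 bytes=420",
    "src=10.0.0.5 dst=10.0.0.20 port=22 bytes=395",
    "src=10.0.0.7 dst=10.0.0.20 port=80 bytes=510",
    "src=10.0.0.7 dst=10.0.0.20 port=80 bytes=480",
    "src=10.0.0.9 dst=10.0.0.20 port=445 bytes=48000",
    "src=10.0.0.5 dst=10.0.0.20 port=4444 bytes=400",
]

# Constructed library of known-attack signatures (hypothetical name and pattern).
SIGNATURES = {
    "known-bad-port-4444": re.compile(r"\bport=4444\b"),
}

# Constructed byte counts observed during "normal" traffic, used to learn the baseline.
NORMAL_BYTES = [420, 395, 510, 480, 400, 450, 430, 470]

BYTES_RE = re.compile(r"\bbytes=(\d+)\b")


def signature_detect(events, signatures=SIGNATURES):
    """Signature-based: report each event that matches a known pattern, with the pattern name."""
    return [(event, name) for event in events
            for name, pattern in signatures.items() if pattern.search(event)]


def learn_baseline(normal_bytes):
    """Anomaly-based, training step: summarise normal behaviour as mean and standard deviation."""
    return mean(normal_bytes), pstdev(normal_bytes)


def anomaly_detect(events, baseline, sigmas=3.0):
    """Anomaly-based: report events whose byte count lies more than `sigmas` deviations from normal."""
    avg, sd = baseline
    flagged = []
    for event in events:
        m = BYTES_RE.search(event)
        if m and abs(int(m.group(1)) - avg) > sigmas * sd:
            flagged.append(event)
    return flagged


if __name__ == "__main__":
    for event, name in signature_detect(SAMPLE_EVENTS):
        print(f"signature hit [{name}]: {event}")
    for event in anomaly_detect(SAMPLE_EVENTS, learn_baseline(NORMAL_BYTES)):
        print(f"anomaly: {event}")
```

The port-4444 record is only found by the signature check (its size looks normal), while the 48000-byte transfer is only found by the anomaly check (no signature describes it), which is why real deployments combine both methods.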

There are many other common terms used within IDS solutions, such as detection rate, false alarm rate, true positive, false positive, noise, and many others, which will be the topic of one of the future parts of this series. What is important for now is that IDS systems have become a truly necessary tool for securing the infrastructure of every organization. For more information about this, visit TI-security.com.

Stay tuned for another part of our new technological series.