An intrusion detection system (IDS) is a device or software application that monitors a network or individual hosts for malicious activity or policy violations. Suspicious activity raises an alert to administrators and can trigger other configurable responses. Activity is flagged through:
- Comparing system files and network traffic against signatures of known malware and attack patterns (signature-based detection).
- Scanning running processes for signs of known harmful patterns.
- Monitoring user behavior for deviations from an established baseline that suggest malicious intent (anomaly-based detection).
- Monitoring system settings and configurations for unauthorized changes.
On detecting a security policy violation, malware, or a configuration error, an IDS sends an alert to the security team. Depending on configuration it may also take an active response, such as terminating the offending session or removing the user from the network; blocking of this kind is more characteristic of an intrusion prevention system (IPS), and a plain IDS only observes and reports.
IDS products range from single-host tools that resemble antivirus software to tiered monitoring systems that follow the traffic of an entire network. The most common classifications are:
- Network intrusion detection systems (NIDS): sensors placed at strategic points in the network that analyze the traffic passing through a segment, in both directions, for all devices on it.
- Host-based intrusion detection systems (HIDS): agents on individual hosts that monitor important operating system files and local activity and alert on unexpected changes.
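As an added illustration, not part of the original article or of any particular IDS product, the following Python sketch shows the two classifications side by side on constructed data: a HIDS-style file-integrity check that hashes monitored files against a recorded baseline, and a NIDS-style pass over a few made-up access-log lines that applies both signature matching and a simple request-rate threshold. The file paths and contents, log lines, signatures, and threshold are all assumptions chosen for the demo.

```python
"""Toy IDS: HIDS-style file-integrity check plus NIDS-style signature and
anomaly detection, run over constructed sample data (added example)."""
from __future__ import annotations

import hashlib
import re
from collections import Counter
from urllib.parse import unquote

# ---- HIDS-style check: file integrity monitoring ----------------------------

def baseline(files: dict[str, bytes]) -> dict[str, str]:
    """Record a SHA-256 digest for every monitored file (path -> hex digest)."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def check_integrity(known: dict[str, str], current: dict[str, bytes]) -> list[str]:
    """Compare current file contents with the recorded baseline.

    Returns one alert string per modified, deleted, or newly added file.
    """
    alerts = []
    for path, digest in known.items():
        if path not in current:
            alerts.append(f"DELETED {path}")
        elif hashlib.sha256(current[path]).hexdigest() != digest:
            alerts.append(f"MODIFIED {path}")
    for path in current:
        if path not in known:
            alerts.append(f"ADDED {path}")
    return alerts


# ---- NIDS-style checks: signatures and a simple rate anomaly ---------------

LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")  # "<src ip> <method> <path>"

# Hypothetical signatures for two well-known attack patterns.
SIGNATURES = {
    "sqli-union": re.compile(r"\bunion\s+select\b", re.IGNORECASE),
    "path-traversal": re.compile(r"\.\./"),
}


def parse_log(text: str) -> list[dict[str, str]]:
    """Parse constructed access-log lines. The path is percent-decoded first so
    that URL-encoded payloads cannot slip past the signatures."""
    records = []
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than crash the sensor
        src, method, path = m.groups()
        records.append({"src": src, "method": method, "request": unquote(path)})
    return records


def signature_alerts(records: list[dict[str, str]]) -> list[tuple[str, str]]:
    """Match every request against every signature (signature-based detection)."""
    return [(r["src"], name) for r in records
            for name, pattern in SIGNATURES.items() if pattern.search(r["request"])]


def anomaly_alerts(records: list[dict[str, str]], threshold: int = 5) -> list[tuple[str, int]]:
    """Flag sources whose request count exceeds the threshold (anomaly-based
    detection: 'normal' is defined by a baseline rate, not by a signature)."""
    counts = Counter(r["src"] for r in records)
    return [(src, n) for src, n in counts.items() if n > threshold]


# ---- Constructed sample data (not real systems or traffic) ------------------

FILES_BEFORE = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin no\n",
}
FILES_NOW = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/bash\n",
    "/etc/ssh/sshd_config": b"PermitRootLogin yes\n",  # tampered setting
    "/etc/cron.d/persist": b"* * * * * root /tmp/.x\n",  # unexpected new file
}
BASELINE = baseline(FILES_BEFORE)

SAMPLE_LOG = """\
10.0.0.5 GET /index.html
10.0.0.5 POST /login
198.51.100.7 GET /search?q=1%27%20UNION%20SELECT%20password%20FROM%20users--
198.51.100.7 GET /static/../../etc/passwd
203.0.113.9 GET /a
203.0.113.9 GET /b
203.0.113.9 GET /c
203.0.113.9 GET /d
203.0.113.9 GET /e
203.0.113.9 GET /f
"""

if __name__ == "__main__":
    for alert in check_integrity(BASELINE, FILES_NOW):
        print("HIDS:", alert)
    recs = parse_log(SAMPLE_LOG)
    for src, name in signature_alerts(recs):
        print("NIDS signature:", src, name)
    for src, n in anomaly_alerts(recs):
        print("NIDS anomaly:", src, f"{n} requests in window")
```

Two points the sketch makes that the list above does not: the signature pass only catches the encoded `UNION SELECT` because the path is decoded before matching, which is why real sensors normalize traffic before applying rules; and the rate check has no notion of "attack" at all, it only knows what a normal volume looks like, so its false-positive rate is set entirely by the threshold you choose.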