Intrusion detection is the process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. Intrusion prevention is the process of performing intrusion detection and attempting to stop detected possible incidents. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, attempting to stop them, and reporting them to security administrators. In addition, organizations use IDPSs for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. IDPSs have become a necessary addition to the security infrastructure of nearly every organization.
IDPSs typically record information related to observed events, notify security administrators of important observed events, and produce reports. Many IDPSs can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g., reconfiguring a firewall), or changing the attack’s content.
Learn more about Intrusion Detection and Prevention Systems from the official NIST report located here: http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
WWC has certain expertise in configuring and deploying both host-based and perimeter-network Intrusion Detection Systems. These systems have proven themselves time and time again with respect to both effective monitoring and effective incident response. Too often, businesses experience an incident that could have been prevented because they implemented only a firewall or only antivirus software. These packages, along with IDS, are all components of the total security solution. If your information security is critical, having an IDS package is critical.
Did you know…
- …that the number one source of data breaches inside the Fortune 500 is infected USB flash drives, infected smartphones and other devices brought inside the network?
- …that this trend is forcing network administrators to secure individual machines and servers inside an already “secured” internal network?