Intrusion Detection System
What is an Intrusion Detection System?
An intrusion detection system (IDS) is an application that monitors network traffic and searches for known threats and suspicious or malicious activity. The IDS sends alerts to IT and security teams when it detects any security risks and threats.
Most IDS solutions simply monitor and report suspicious activity and traffic when they detect an anomaly. However, some can go a step further by taking action when they detect anomalous activity, such as blocking malicious or suspicious traffic.
IDS tools are typically software applications that run on organizations’ hardware or are deployed as a network security solution. There are also cloud-based IDS solutions that protect organizations’ data, resources, and systems in their cloud deployments and environments.
What is an Intrusion in Cybersecurity?
An intrusion is typically an attacker gaining unauthorized access to a device, network, or system. Cyber criminals use increasingly sophisticated techniques and tactics to infiltrate organizations without being discovered. These include common techniques such as:
- Address spoofing: The source of an attack is hidden using spoofed, misconfigured, and poorly secured proxy servers, which makes it difficult for organizations to discover attackers.
- Fragmentation: Fragmented packets enable attackers to bypass organizations’ detection systems.
- Pattern evasion: Hackers adjust their attack architectures to avoid the patterns that IDS solutions use to spot a threat.
- Coordinated attack: A network scan is split among different attackers, each allocated numerous hosts or ports, making it difficult for the IDS to work out what is happening.
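The coordinated attack item above, as an added detection example that is not part of the original page: a per-source scan rule stays silent when probing is split across sources, while correlating by target raises the alert. The log format, threshold, and IP addresses (documentation ranges) are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample connection log: (source IP, destination IP, destination port).
# Four sources each touch a different slice of ports on one host.
CONSTRUCTED_EVENTS = (
    [("198.51.100.%d" % (10 + i // 5), "192.0.2.20", 20 + i) for i in range(20)]
    + [("203.0.113.7", "192.0.2.30", 443)] * 6  # ordinary repeat traffic
)

PORT_THRESHOLD = 15  # assumed alerting threshold: distinct ports per time window


def per_source_alerts(events, threshold=PORT_THRESHOLD):
    """Classic scan rule: one source touching many ports on one destination."""
    ports = defaultdict(set)
    for src, dst, port in events:
        ports[(src, dst)].add(port)
    return sorted(key for key, seen in ports.items() if len(seen) >= threshold)


def per_target_alerts(events, threshold=PORT_THRESHOLD, min_sources=2):
    """Correlated rule: distinct ports per destination, summed across sources."""
    ports, sources = defaultdict(set), defaultdict(set)
    for src, dst, port in events:
        ports[dst].add(port)
        sources[dst].add(src)
    return {
        dst: {"ports": len(ports[dst]), "sources": sorted(sources[dst])}
        for dst in ports
        if len(ports[dst]) >= threshold and len(sources[dst]) >= min_sources
    }


if __name__ == "__main__":
    print("per-source:", per_source_alerts(CONSTRUCTED_EVENTS))
    print("per-target:", per_target_alerts(CONSTRUCTED_EVENTS))
```

In a real deployment the events would be bucketed into time windows before either rule runs; the sample treats the whole list as one window.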