Intrusion detection is the practice of deploying devices and/or software to detect intruders or trespassers in a network. Intrusion detection systems (IDSs) help identify cyberthreats so they can be isolated from and prevent damage to the system and its contents.
IDSs are different from firewalls: an IDS inspects what is happening inside the system, while a firewall tries to prevent certain traffic from entering. A firewall acts like a gate, while an IDS serves as a closed-circuit camera system. Both are important parts of a security system but cannot substitute for one another, because an IDS cannot keep elements out (it only senses them and raises an alert for further action), while a firewall cannot weed out elements that manage to find their way through the gate.
There are several kinds of IDSs, with each letting you pick one out depending on your business’s needs and means. Below are the four basic IDS types along with their characteristics and advantages:
Network intrusion detection system
A network intrusion detection system (NIDS) is an independent platform that monitors network traffic and examines hosts to identify intruders. NIDSs connect to network hubs or network taps, and are often placed at data chokepoints — usually in a demilitarized zone (DMZ) or network border — to capture network traffic and analyze individual packets for malicious content.
A well-placed NIDS can efficiently monitor the network's total traffic without impacting performance. Because it inspects passively captured copies of packets and does not inject traffic of its own, it does not affect network availability or throughput.
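The packet analysis a NIDS performs on a captured stream, as an added illustration that is not part of the original article and not outsourceIT's code: the sample packets, the signature patterns and the port-scan threshold below are all constructed for this example. Real sensors read packets from a tap or span port; here each packet is a tuple of source, destination, destination port and payload, and two detection passes run over the list, a content-signature match and a heuristic that flags one source touching many distinct ports on one host.

```python
from collections import defaultdict

# Constructed sample "capture" (not a real trace): (src, dst, dst_port, payload)
SAMPLE_PACKETS = [
    ("203.0.113.9", "192.0.2.10", 80,
     b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("203.0.113.9", "192.0.2.10", 80,
     b"GET /download?file=../../../config.ini HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("198.51.100.5", "192.0.2.11", 25, b"EHLO mail.example.net\r\n"),
    ("198.51.100.5", "192.0.2.11", 25, b"DATA\r\nIDS-TEST-MARKER\r\n.\r\n"),
] + [
    # One source probing nine different ports on the same host (constructed scan)
    ("198.51.100.20", "192.0.2.12", port, b"")
    for port in (21, 22, 23, 25, 80, 110, 443, 445, 3389)
]

# Constructed content signatures: rule name -> byte pattern looked for in a payload.
# A production ruleset is far larger; these two exist only to drive the example.
SIGNATURES = {
    "path-traversal-in-request": b"../../",
    "constructed-test-marker": b"IDS-TEST-MARKER",
}


def match_signatures(packets, signatures=SIGNATURES):
    """Signature pass: one alert per (packet, rule) whose pattern occurs in the payload."""
    alerts = []
    for src, dst, port, payload in packets:
        for rule, pattern in signatures.items():
            if pattern in payload:
                alerts.append({"rule": rule, "src": src, "dst": dst, "dst_port": port})
    return alerts


def detect_port_scans(packets, min_ports=6):
    """Heuristic pass: flag a (src, dst) pair that touched at least min_ports distinct ports."""
    ports_seen = defaultdict(set)
    for src, dst, port, _payload in packets:
        ports_seen[(src, dst)].add(port)
    return [
        {"rule": "port-scan", "src": src, "dst": dst, "distinct_ports": len(ports)}
        for (src, dst), ports in ports_seen.items()
        if len(ports) >= min_ports
    ]


def analyze(packets):
    """Run both passes; the sensor only reports, it never alters or blocks traffic."""
    return match_signatures(packets) + detect_port_scans(packets)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_PACKETS):
        print(alert)
```

Running the block prints two signature alerts (the traversal request and the test marker) and one port-scan alert for 198.51.100.20. The thresholds and patterns are the tunable part of any NIDS: a threshold set too low turns ordinary service discovery into alerts, and a signature written too loosely matches benign payloads.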
Host-based intrusion detection system
A host-based intrusion detection system (HIDS) is an agent installed directly onto the host that senses malicious activity in system calls, application logs, and file system modifications. For instance, it analyzes logged password attempts and compares them against known brute force attack patterns to identify whether a breach is being attempted.
Because HIDSs monitor events local to the host, they can detect attacks that a NIDS may miss. A HIDS is also an effective tool for detecting and preventing software integrity breaches such as Trojan horses. HIDSs can also operate in an environment where network traffic is encrypted, because they observe activity on the host itself rather than the encrypted bytes on the wire, making them ideal for protecting highly sensitive information such as legal documents, personal information, and intellectual property.
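The two HIDS checks described above, login-log analysis for brute force patterns and software integrity monitoring, as an added worked example that is not part of the original article and not outsourceIT's code. The auth log lines, the file contents and the paths are constructed for the example; a real agent would read the host's authentication log and hash the files on disk. The brute force check uses a sliding window (at least `threshold` failures from one source within `window_seconds`), and the integrity check compares SHA-256 hashes against a stored baseline.

```python
import hashlib
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication log (syslog-like lines, not from a real host).
SAMPLE_AUTH_LOG = """\
2024-03-01T10:00:01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
2024-03-01T10:00:03 sshd[1202]: Failed password for root from 203.0.113.7 port 51001 ssh2
2024-03-01T10:00:04 sshd[1203]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-03-01T10:00:06 sshd[1204]: Failed password for root from 203.0.113.7 port 51003 ssh2
2024-03-01T10:00:07 sshd[1205]: Failed password for root from 203.0.113.7 port 51004 ssh2
2024-03-01T10:00:09 sshd[1206]: Accepted password for root from 203.0.113.7 port 51005 ssh2
2024-03-01T10:05:00 sshd[1210]: Failed password for alice from 198.51.100.4 port 40000 ssh2
2024-03-01T10:20:00 sshd[1211]: Failed password for alice from 198.51.100.4 port 40001 ssh2
2024-03-01T10:20:30 sshd[1212]: Accepted password for alice from 198.51.100.4 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_auth_log(text):
    """Turn log lines into events; lines that do not match the pattern are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]),
                           "result": m["result"], "user": m["user"], "src": m["src"]})
    return events


def detect_brute_force(events, threshold=4, window_seconds=60):
    """Alert on any source with >= threshold failures inside a window_seconds span,
    noting whether a successful login from that source followed the failures."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        failures = sorted(e["ts"] for e in evs if e["result"] == "Failed")
        successes = [e["ts"] for e in evs if e["result"] == "Accepted"]
        # Densest window: count failures within window_seconds of each failure start.
        best = 0
        for i, start in enumerate(failures):
            n = sum(1 for t in failures[i:] if (t - start).total_seconds() <= window_seconds)
            best = max(best, n)
        if best >= threshold:
            alerts.append({"src": src, "max_failures_in_window": best,
                           "success_after": any(s > failures[-1] for s in successes)})
    return alerts


# Constructed in-memory stand-ins for files on disk: path -> contents.
BASELINE_FILES = {"/usr/bin/ls": b"original ls binary", "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n",
                  "/usr/lib/legit.so": b"original shared object"}
CURRENT_FILES = {"/usr/bin/ls": b"original ls binary",
                 "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\nbackdoor:x:0:0::/:/bin/sh\n",
                 "/tmp/.dropper": b"unexpected new file"}


def hash_files(files):
    """Build a hash manifest; a real agent would read each path from disk."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def check_integrity(baseline, current):
    """Compare a stored hash baseline with a fresh scan and report every difference."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


if __name__ == "__main__":
    print(detect_brute_force(parse_auth_log(SAMPLE_AUTH_LOG)))
    print(check_integrity(hash_files(BASELINE_FILES), hash_files(CURRENT_FILES)))
```

On the constructed data the brute force check flags 203.0.113.7 (five failures in about six seconds followed by a success, the pattern an analyst most wants surfaced) and ignores alice's two failures spread over fifteen minutes. The integrity check reports the modified passwd file, the added file in /tmp and the removed library; the baseline must be stored where a compromised host cannot rewrite it, or the comparison proves nothing.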
Perimeter intrusion detection system
A perimeter intrusion detection system (PIDS) detects and locates intrusion attempts on “perimeter fences” of important system infrastructures such as the main server. A PIDS setup typically comes in the form of an electronic or fiber optic device fitted onto the digital perimeter fence of a server. If it senses disturbances, which indicate that access is being attempted through means other than the regular channel, it triggers an alarm.
A PIDS serves as an early warning device and acts like a sentry that rouses the main defense corps at the first sign of a trespasser. It's a cost-effective first line of defense, as it can simply be affixed onto your existing system without much alteration or adjustment.
VM-based intrusion detection system
A virtual machine-based intrusion detection system (VMIDS) is similar to one or a combination of any of the three IDSs above but deployed remotely via a virtual machine (VM). It’s the newest of the four IDS types, and is currently still being improved. Most managed IT services providers (MSPs) make use of a VMIDS setup.
VMIDSs are less intrusive than traditional IDS setups because they can be deployed without having a vendor physically come to your office. They have potentially better coverage than any of the three other IDSs, but may present some issues if your internet connection goes down.
Intrusion detection systems can be intimidating to run in-house, which is why most of our La Plata and Winston-Salem clients choose outsourceIT for their IDS needs. Our managed IDS and network security center services are robust, scalable, and easy to use. Call us to learn more.