Intrusion Detection and Prevention

Intrusion Detection Systems (IDS).

  • Monitoring and identifying unauthorized system access or manipulation.

  • Analyzes information from multiple sources (computers, servers, services, and network traffic).

  • Identifies:

    • Intrusions, attackers outside of the organization;

    • Misuse, wrong behavior from a licit user/service.

  • Does not block/prevent intrusion.

  • Signals an alarm for:

    • Human analysis and intervention;

    • Automatic threat responses by firewalls or centralized management systems.

Intrusion Prevention Systems (IPS).

  • A network level blocks traffic;

  • At the host level, it kills processes, quarantines files, blocks device access, etc ...

Last updated