Intrusion Detection and Prevention
Intrusion Detection Systems (IDS).
Monitoring and identifying unauthorized system access or manipulation.
Analyzes information from multiple sources (computers, servers, services, and network traffic).
Identifies:
Intrusions, attackers outside of the organization;
Misuse, wrong behavior from a licit user/service.
Does not block/prevent intrusion.
Signals an alarm for:
Human analysis and intervention;
Automatic threat responses by firewalls or centralized management systems.
Intrusion Prevention Systems (IPS).
A network level blocks traffic;
At the host level, it kills processes, quarantines files, blocks device access, etc ...
Last updated