What is an intrusion detection system (IDS)? A valued capability with serious management challenges

An intrusion detection system, or IDS, monitors traffic moving on networks and through systems, searching for suspicious activity and known threats and raising alerts when it finds them. Enterprise IT departments deploy intrusion detection systems to gain visibility into potentially malicious activity within their technology environments. Each IDS is programmed to analyze traffic and identify patterns in it that may indicate any of various kinds of cyberattack.

An IDS can identify “traffic that could be considered universally malicious or noteworthy,” explained Judy Novak, a senior instructor with the cybersecurity training institute SANS and author of SANS SEC503: Intrusion Detection In-Depth, such as a phishing attack link that downloads malicious software. Additionally, an IDS can detect traffic that’s problematic to specific software, so it would alert IT if it detects a known attack against the Firefox browsers in use at a company (but should not alert if the company uses a different browser).
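Added example, not from the article or the SANS course: a minimal signature-based inspection pass over constructed request log lines that separates the two alert classes described above, signatures that are always noteworthy and signatures tied to specific software, which are suppressed when that software is not in the environment's inventory. Rule ids, patterns and log lines are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple


@dataclass(frozen=True)
class Signature:
    sid: str                  # hypothetical rule id
    pattern: str              # regex matched against the logged request line
    target: Optional[str]     # software the rule is specific to; None = universal


# Hypothetical rules, not taken from any real ruleset
SIGNATURES = [
    Signature("SIG-1001", r"\.exe\?dl=1", None),                # universally noteworthy
    Signature("SIG-2001", r"firefox-addon-exploit", "firefox"),  # only matters if Firefox is deployed
    Signature("SIG-2002", r"chrome-ext-exploit", "chrome"),      # only matters if Chrome is deployed
]

# Constructed sample traffic log (client, method, URL)
SAMPLE_LOG = [
    "10.0.0.5 GET http://example.test/invoice.exe?dl=1",
    "10.0.0.6 GET http://example.test/firefox-addon-exploit",
    "10.0.0.7 GET http://example.test/chrome-ext-exploit",
    "10.0.0.8 GET http://example.test/index.html",
]


def inspect(log_lines: List[str], deployed_software: Set[str]) -> List[Tuple[str, str]]:
    """Return (rule id, log line) for every applicable signature match.

    A software-specific signature is skipped when its target is not in the
    inventory, so a known Firefox attack does not alert in a Chrome-only shop.
    """
    alerts = []
    for line in log_lines:
        for sig in SIGNATURES:
            if not re.search(sig.pattern, line):
                continue
            if sig.target is not None and sig.target not in deployed_software:
                continue  # known attack, but not relevant to this environment
            alerts.append((sig.sid, line))
    return alerts


if __name__ == "__main__":
    for sid, line in inspect(SAMPLE_LOG, {"firefox"}):
        print(f"ALERT {sid}: {line}")
```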

Read more about what IDS as a function is and why this longtime corporate cybersecurity staple remains critical in the modern enterprise, but maybe not as a standalone solution, on CSO.
