Intrusion Detection is a system designed to monitor network traffic for any suspicious activities or known threats. If such anomalies are found, the system will provide information such as the type of suspected attack, the targeted address and where it came from. Intrusion detection systems can be categorized as host-based, if the sensors that detect the threat are placed on a host, or network-based, if the sensors are placed on a network.
How an IDS works
The main purpose of an IDS is to detect and report an anomaly, but not to block or stop it. This is in contrast to a firewall or intrusion prevention systems (IPS), which have the ability to detect and block anomalies. While the inability to stop malware can be seen as disadvantage, experts believe IDS is still useful for enterprises.
The case for IDS
IDS is still useful in its main functionality of detecting an active threat. However, threat detection alone is not enough, and enterprises need to implement systems that deal with these threats.
Some of the challenges facing IDS
One of the main challenges facing these systems is false positives. This is when the IDS generates alerts when there are no real threats. It can be corrected by continually updating the system. Another challenge is that these systems need to be configured to suit the unique needs of an organisation. Intrusion detection systems can also miss legitimate threats since they are designed to only identify threats that are already known.
What is the future of IDS?
While it has its challenges, IDS still has a vital role to play. When IDS it is considered as a function, the concept behind it is being layered on firewalls and IPSs to improve and enhance their capabilities.