What is an Intrusion Detection System?

An IDS is industry-standard technology for network defense. The National Institute of Standards and Technology (NIST) defines an Intrusion Detection System (IDS) as “a security service that monitors and analyzes network or system events for the purpose of finding, and providing real-time or near real-time warning of, attempts to access system resources in an unauthorized manner.” Also known as a network intrusion detection system (NIDS), an IDS often comes in the form of a piece of hardware, such as a computer or server, or a dedicated appliance.

An IDS sits on a network and watches the traffic it sees for malicious or suspicious activity. In most cases, it performs this monitoring using signatures: pre-defined patterns that have been determined to be malicious. If network traffic matches a pattern, the IDS generates an alert.

An IDS is different from an intrusion prevention system (IPS). The latter can stop traffic; it’s “active.” Meanwhile, an IDS cannot interfere with network activity; it’s “passive.” It’s therefore imperative that whoever receives the alert takes action in some way.
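The signature matching and the passive/active distinction described above can be seen in a small sketch. This is an added example, not code from the original page or from any IDS product; the `Signature`, `Packet` and `inspect` names, the rule ids and the sample traffic are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Signature:
    sid: int                 # constructed rule id
    msg: str                 # text placed in the alert
    dst_port: Optional[int]  # None matches any destination port
    pattern: re.Pattern      # byte pattern searched for in the payload

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dst_port: int
    payload: bytes

SIGNATURES = [  # constructed rules, not taken from any real rule set
    Signature(1000001, "HTTP path traversal attempt", 80, re.compile(rb"\.\./\.\./")),
    Signature(1000002, "Request for /etc/passwd", None, re.compile(rb"/etc/passwd")),
]

def matches(sig, pkt):
    """A signature fires only when the port condition and the payload pattern both match."""
    return (sig.dst_port in (None, pkt.dst_port)
            and sig.pattern.search(pkt.payload) is not None)

def inspect(packets, signatures, inline=False):
    """Return (alerts, delivered); inline=False is a passive IDS, inline=True an IPS."""
    alerts, delivered = [], []
    for pkt in packets:
        hits = [s for s in signatures if matches(s, pkt)]
        for s in hits:
            alerts.append(f"[sid:{s.sid}] {s.msg} {pkt.src} -> {pkt.dst}:{pkt.dst_port}")
        if not (inline and hits):  # the IDS never withholds a packet
            delivered.append(pkt)
    return alerts, delivered

TRAFFIC = [  # constructed sample packets using documentation address ranges
    Packet("198.51.100.7", "192.0.2.10", 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("198.51.100.9", "192.0.2.10", 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("198.51.100.9", "192.0.2.10", 8080, b"GET /etc/passwd HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for inline in (False, True):
        alerts, delivered = inspect(TRAFFIC, SIGNATURES, inline)
        print("IPS" if inline else "IDS", len(delivered), "delivered;", alerts)
```

In IDS mode all three packets still reach the server and the only outcome is three alerts, which is why someone has to act on them; in IPS mode the same alerts fire but only the benign request is delivered.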