An intrusion detection system (IDS) is a hardware device or software application that monitors network traffic for suspicious activity and potential security breaches. Malicious activity is flagged and reported along with information about the source of the intrusion, the target's address and the type of breach suspected. This information lets security teams identify and remediate the attack before any damage is done.
In the past, IDS has been driven by attack signatures. However, this approach has two drawbacks:
IDS still has a role in the modern organization, but more as a firewall feature than a comprehensive security system.
There are many different classifications of intrusion detection systems. The most common classifications are:
An intrusion detection system monitors network traffic for patterns that match known cybersecurity threats. Some IDS can also act on a detected threat to stop the attack; such systems are classified as intrusion prevention systems (IPS).
The main disadvantage of an IDS is that it cannot itself respond to or stop an attack once one is detected.
The disadvantage of a host-based IDS is that it cannot discover network threats directed against the host. A network-based IDS, on the other hand, uses network sensors placed strategically throughout the network, allowing it to detect reconnaissance attacks.
The main advantage of a network-based IDS is that it is designed to prevent a reconnaissance attack before it infiltrates the internal network.
Vectra is changing the way intrusion detection is done. It uses an innovative combination of data science, machine learning and behavioral analysis to detect active threats inside the network.
Because Vectra detects malicious actions instead of malicious payloads, it can identify active threats without decrypting traffic. That means attackers can no longer communicate covertly with infected hosts by using SSL-encrypted web sessions or hidden tunnels.
While traditional IDS is fixated on detecting an initial compromise, Vectra detects active threats in every phase of the cyber attack kill chain—command and control, internal reconnaissance, lateral movement, and data exfiltration.
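To make the contrast between the two detection styles concrete, here is an added example (not Vectra's code and not from the original page) that runs a classic signature matcher and a metadata-only behavioural check over the same set of constructed connection records. The signature list, the beaconing thresholds (`min_connections`, `max_cv`) and the sample flows are all assumptions made for the demonstration. The behavioural check looks only at who talked to whom and when, so a TLS-encrypted session with an opaque payload is still visible to it, while the signature matcher sees nothing inside that payload.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed connection records. The behavioural detector reads only the
# metadata fields (ts, src, dst, port); payload is present so that the
# signature matcher has something to inspect.
def _flow(ts, src, dst, port, payload):
    return {"ts": ts, "src": src, "dst": dst, "port": port, "payload": payload}

# Stand-in for TLS ciphertext: arbitrary high bytes with no readable pattern.
OPAQUE = bytes(range(0x80, 0xA0))

SAMPLE_FLOWS = (
    # 10.0.0.5 contacts 203.0.113.10:443 roughly every 60 s over TLS (constructed)
    [_flow(t, "10.0.0.5", "203.0.113.10", 443, OPAQUE)
     for t in (0, 61, 119, 181, 240, 302, 359, 421)]
    # 10.0.0.9 browses the same server with human-like irregular timing
    + [_flow(t, "10.0.0.9", "203.0.113.10", 443, OPAQUE)
       for t in (5, 9, 200, 203, 900, 1500, 1502, 2400)]
    # 10.0.0.7 sends one plaintext HTTP request containing a known bad pattern
    + [_flow(30, "10.0.0.7", "198.51.100.20", 80,
             b"GET /../../etc/passwd HTTP/1.1\r\nHost: 198.51.100.20\r\n\r\n")]
)

# Assumed signature rules: (rule name, byte pattern that must appear in payload).
SIGNATURES = [
    ("lfi-probe", b"/etc/passwd"),
    ("web-shell-cmd", b"cmd.exe"),
]


def signature_alerts(flows):
    """Classic IDS behaviour: alert when a known pattern appears in the payload.
    Encrypted payloads never match, so those flows are invisible here."""
    alerts = []
    for f in flows:
        for name, pattern in SIGNATURES:
            if pattern in f["payload"]:
                alerts.append((f["src"], f["dst"], f["port"], name))
    return alerts


def beacon_alerts(flows, min_connections=6, max_cv=0.1):
    """Metadata-only behavioural check: a client that reaches the same
    server:port at nearly constant intervals looks like command-and-control
    beaconing. The payload is never read, so encryption does not hide it.
    Returns (src, dst, port, mean_interval_s, coefficient_of_variation)."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f["src"], f["dst"], f["port"])].append(f["ts"])
    alerts = []
    for key, stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue  # too few connections to judge the timing
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: low jitter relative to the mean interval
        cv = pstdev(gaps) / avg if avg else float("inf")
        if cv <= max_cv:
            alerts.append((*key, round(avg, 1), round(cv, 3)))
    return alerts


if __name__ == "__main__":
    print("signature alerts:", signature_alerts(SAMPLE_FLOWS))
    print("beaconing alerts:", beacon_alerts(SAMPLE_FLOWS))
```

Run as a script, the signature matcher reports only the plaintext `/etc/passwd` request from 10.0.0.7, while the beaconing check reports the regular 10.0.0.5 connections and ignores the irregular browsing from 10.0.0.9. In practice the interval thresholds need tuning per environment, and legitimate periodic traffic (update checks, monitoring agents) must be allow-listed to keep the false-positive rate acceptable.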
Most importantly, Vectra doesn’t burden overworked security teams. Instead, it maps detections to the hosts that are under attack and scores and prioritizes the threats that pose the highest risk—automatically and in real time. This gives security teams the speed and efficiency they need to prevent or mitigate data loss.