An Intrusion Detection System (IDS) is a type of security technology that protects organisations from cyber attacks by monitoring network traffic for suspicious activity and sending alerts when breaches are identified. The most advanced IDS and Intrusion Prevention System (IPS) technologies leverage real-time behavioural analysis and machine learning for intrusion detection.
Types of intrusion detection
- Host-based: detection of malicious activity at endpoints. A host-based IDS monitors individual devices for potential problems and can detect both threat signatures and anomalies, whether created by people or by malware.
- Network-based: monitors the entire network for suspicious activity.
- Signature-based: detection of attacks based on known behaviour.
- Anomaly-based: detection of attacks based on deviations from expected patterns or behaviour.
The most common suspicious actions in intrusion detection are:
- Unusual activity of standard programmes
- Calls to running processes from non-standard executables
- Unexpected script executions
- Unexpected execution of system tools by standard processes
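The two detection styles listed above (signature-based and anomaly-based) and the last suspicious action in the list (unexpected execution of system tools by standard processes) can be shown together on host-based process-creation events. The following Python sketch is an added example, not code from the original page or from any product it mentions: the rule names, the process names in the rules and the event log are all constructed for illustration. It matches a small signature list of known-bad parent/child pairs and, separately, flags any parent/child pair the host has not been seen to produce during a baseline window.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation event as a host-based sensor would report it."""
    host: str
    parent: str   # image name of the process that spawned the child
    child: str    # image name of the new process
    cmdline: str


# Signature rules (hypothetical, illustrative): parents that should not be
# launching command interpreters or script hosts. This is the "unexpected
# execution of system tools by standard processes" case from the list above.
SIGNATURE_RULES = [
    ("office-app-spawns-interpreter",
     {"winword.exe", "excel.exe"}, {"cmd.exe", "powershell.exe"}),
    ("browser-spawns-script-host",
     {"chrome.exe", "firefox.exe"}, {"wscript.exe", "cscript.exe"}),
]


def signature_matches(ev: ProcEvent) -> list[str]:
    """Signature-based detection: return the names of all rules the event hits."""
    return [name for name, parents, children in SIGNATURE_RULES
            if ev.parent.lower() in parents and ev.child.lower() in children]


class ParentChildBaseline:
    """Anomaly-based detection: learn which (host, parent, child) triples are
    normal during a baseline window, then flag triples seen fewer than
    min_count times. A pair seen only once in the baseline is still treated
    as not-yet-normal, which keeps a single odd event from poisoning it."""

    def __init__(self, min_count: int = 2):
        self.counts: Counter = Counter()
        self.min_count = min_count

    @staticmethod
    def _key(ev: ProcEvent):
        return (ev.host, ev.parent.lower(), ev.child.lower())

    def learn(self, events) -> None:
        for ev in events:
            self.counts[self._key(ev)] += 1

    def is_anomalous(self, ev: ProcEvent) -> bool:
        return self.counts[self._key(ev)] < self.min_count


def detect(baseline: ParentChildBaseline, events) -> list[tuple[ProcEvent, str]]:
    """Run both detectors over a batch of events; one alert per reason."""
    alerts = []
    for ev in events:
        for rule in signature_matches(ev):
            alerts.append((ev, "signature:" + rule))
        if baseline.is_anomalous(ev):
            alerts.append((ev, "anomaly:unseen-parent-child"))
    return alerts


def run_demo() -> list[tuple[str, str]]:
    """Constructed baseline and test events; returns (child, reason) pairs."""
    baseline_events = (
        [ProcEvent("WS01", "explorer.exe", "winword.exe", "winword.exe doc.docx")] * 3
        + [ProcEvent("WS01", "winword.exe", "splwow64.exe", "splwow64.exe")] * 2
        + [ProcEvent("WS01", "svchost.exe", "taskhostw.exe", "taskhostw.exe")] * 5
    )
    baseline = ParentChildBaseline(min_count=2)
    baseline.learn(baseline_events)

    new_events = [
        # Word launching a shell: hits a signature AND was never seen in baseline
        ProcEvent("WS01", "WINWORD.EXE", "cmd.exe", "cmd.exe /c whoami"),
        # Routine document open: known pair, no rule hit
        ProcEvent("WS01", "explorer.exe", "winword.exe", "winword.exe memo.docx"),
        # No signature for this, but the host has never produced this pair
        ProcEvent("WS01", "svchost.exe", "rundll32.exe", "rundll32.exe x.dll,Run"),
    ]
    return [(ev.child, reason) for ev, reason in detect(baseline, new_events)]


if __name__ == "__main__":
    for child, reason in run_demo():
        print(f"ALERT {reason:40s} child={child}")
```

The point of keeping the two detectors separate is visible in the third event: no signature exists for it, so only the baseline catches it, while the first event is caught twice. In a real deployment the baseline would be learned per host over a longer window and re-learned as software changes, which is the tuning work the next paragraph asks for.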
Whichever configuration you choose, be sure to fine-tune and maintain your detection systems as thoroughly as possible. For instance, customise your IDS so that it handles suspicious but encrypted data efficiently, either on its own or in cooperation with anti-malware.
Think of an intrusion detection system as the foundation of your computer security. The stronger it is, the more confident you can be about your security, stability and business potential. The performance of other software added later may also depend on this foundation.
Splunk is a valuable intrusion detection tool: if you are not able to implement it yourself, contact your IT consultant or our support.