An intrusion detection system is designed to detect possible threats and vulnerabilities against a computer or specific application. This is an essential element of protecting your business because we store so much valuable information on our computers. The last thing we want is for confidential information to get into the hands of the wrong people. An intrusion detection system is considered SaaS, or Security as a Service. It is important to choose an intrusion detection system that fits the specific needs of your business. Here are some common types of intrusion detection systems to help make your decision easier.
Active Vs. Passive
An active intrusion detection system is made to automatically react when there is some sort of suspected attack or intrusion. This is an advantage because it allows for a faster reaction time since the system doesn’t require an operator to activate its protection methods. The downside to an active system is that it can sometimes attack itself. Also, if it hasn’t been properly set up and filtered, this system can mistakenly deny authorized people access to a network.
A passive intrusion detection system is essentially the opposite of an active one. It is designed to simply observe and analyze network activity, and if it sees anything suspicious, it sends a notice to the employee responsible. This system will rarely attack itself, but it does require an extra step to initiate the protection measures.
Network-Based Vs. Host-Based (SaaS, Security as a Service)
Network-based intrusion detection systems consist of a sensor, a Network Interface Card, and a separate management system. With this type, the detection system is attached to a network segment and monitors all computer traffic along that specific segment. This allows multiple devices to be linked to one central system. It requires additional local equipment that consumes power and has to be maintained, making the initial implementation costs and long-term cost of ownership high.
With a host-based system, software must be installed on each system individually in order for it to be monitored. The installed software monitors that specific system and reports any suspicious activity to the operator. An installation of the software is required for each monitored system; however, reducing physical equipment creates efficiencies, making the initial setup costs and long-term cost of ownership minimal.
Knowledge-Based Vs. Behavior-Based
The more common of the two, a knowledge-based intrusion detection system gets its information from a database that holds profiles of previous attacks on the system. The database also includes well-known system vulnerabilities, and that is how the intrusion detection system decides what is considered a threat. This kind has a lower false alarm rate than behavior-based systems, but it requires that the database be constantly updated when new vulnerabilities or threats are discovered.
A behavior-based system detects threats by learning the normal patterns of the system. Anything that seems to be outside of the regular system patterns will trigger an alarm. This gives it an advantage when it comes to newer threats because they won’t be overlooked. On the downside, this can set off more false alarms, and there may be some patterns that change regularly, which the system won’t pick up on.
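The trade-off between the two approaches can be seen by running both over the same traffic. The following is an added example, not part of the original article: the signature patterns, host addresses, request lines, and the alert threshold are all constructed assumptions for illustration.

```python
import re
from collections import Counter
from statistics import mean, pstdev

# Knowledge-based: a constructed database of known attack patterns.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-union": re.compile(r"union\s+select", re.IGNORECASE),
}

def knowledge_alerts(events):
    """Return (host, signature) for each request matching a known pattern."""
    return [(host, name) for host, request in events
            for name, pattern in SIGNATURES.items() if pattern.search(request)]

def learn_baseline(history):
    """Learn mean and standard deviation of hourly request counts per host."""
    return {host: (mean(c), pstdev(c)) for host, c in history.items()}

def behavior_alerts(baseline, events, k=3.0):
    """Return hosts whose request count exceeds mean + k * stddev.
    k and the 1.0 floor on stddev are assumptions chosen for this sample."""
    counts = Counter(host for host, _ in events)
    return sorted(host for host, n in counts.items()
                  if host in baseline
                  and n > baseline[host][0] + k * max(baseline[host][1], 1.0))

# Constructed sample data: hourly request counts seen during normal operation.
HISTORY = {
    "10.0.0.5": [4, 5, 6, 5, 4],
    "10.0.0.9": [2, 3, 2, 3, 2],
    "10.0.0.20": [3, 3, 4, 3, 3],
}
# Constructed events for the hour under inspection.
EVENTS = (
    [("10.0.0.5", "GET /index.html")] * 4
    # Known pattern at normal volume: only the signature database catches it.
    + [("10.0.0.5", "GET /download?file=../../etc/passwd")]
    # Unusual volume with no known pattern: only the baseline catches it.
    + [("10.0.0.9", f"GET /api/item?id={i}") for i in range(40)]
    # Legitimate new reporting job: the baseline flags it anyway (false alarm).
    + [("10.0.0.20", "GET /reports/daily.csv")] * 30
)

if __name__ == "__main__":
    print("knowledge-based:", knowledge_alerts(EVENTS))
    print("behavior-based: ", behavior_alerts(learn_baseline(HISTORY), EVENTS))
```

The behavior-based detector cannot tell the unusual host from the legitimate reporting job, so both alerts need an operator to triage them, while the knowledge-based detector stays silent on anything missing from its database.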