Monitoring your network, protecting your business
Comprehensive network and endpoint security is a key part of an organisation’s response to cyber threats. Perimeter firewalls and Identity Access Management tools can restrict and control access to the organisation’s network, but how do you detect and stop an intruder who has breached your security and is now loose on your network, before they can cause damage or start to extract data?
An Intrusion Detection System (IDS) monitors the network for malicious activity or policy violations. Any detected activity or violation is then either reported to an administrator or collected centrally using a Security Information and Event Management (SIEM) system. A SIEM system can combine outputs from a number of sources and can use alarm filtering techniques to distinguish malicious activity from false alarms. An Intrusion Prevention System (IPS) can then be used to stop the malicious activity.
Major firewall vendors are building some intrusion detection and prevention features into their products. However, a dedicated IDS/IPS solution can detect and prevent a much broader range of malicious activities than the features built into most firewalls.