What is IDS and IPS?

10 months ago 27
Nature

An Intrusion Detection System (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. It is a passive monitoring solution for detecting cybersecurity threats to an organization. If a potential intrusion is detected, the IDS generates an alert that notifies security personnel to investigate the incident and take remedial action. IDS types range in scope from single computers to large networks. The most common classifications are Network Intrusion Detection Systems (NIDS) and Host-based Intrusion Detection Systems (HIDS). A system that analyzes incoming network traffic is an example of a NIDS, while a system that monitors important operating system files is an example of a HIDS. IDS solutions can also be classified based on how they identify potential threats. A signature-based IDS uses a library of signatures of known threats to identify them. An anomaly-based IDS builds a model of “normal” behavior of the protected system and reports on any deviations. A hybrid system uses both methods to identify potential threats.

An Intrusion Prevention System (IPS) is a security measure deployed in a network to detect and stop potential incidents. IPS is an active protection system that performs intrusion detection and then goes one step further and prevents any detected threats. IPS is the process of performing intrusion detection and then stopping the detected incidents, typically done by dropping packets or terminating sessions. IPS is available as part of network security measures taken to detect and stop potential incidents and is included as functionality within next-generation firewalls (NGFW). IPS monitors all traffic on the network to identify any known malicious behavior. IDS/IPS are necessary security technologies, both at the network edge and within the data center, precisely because they can stop attackers while they are gathering information about your network. Three IDS detection methodologies are typically used to detect incidents: signature-based detection, anomaly-based detection, and hybrid detection. IPS is a more advanced version of IDS that can take action to prevent attacks.
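To make the distinctions above concrete, here is an added example (not from the original post or any real product) of a tiny hybrid engine: it combines a signature library with an anomaly baseline learned from normal traffic, and runs either in passive IDS mode (alert, forward everything) or active IPS mode (alert and drop the flagged packets). The packet records, signature strings, and the `2 x busiest-source` rate threshold are all constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field

# A "packet" here is a constructed record: (source_ip, dst_port, payload).
Packet = tuple[str, int, str]

# Signature library: payload substrings the signature-based engine looks for.
SIGNATURES = {"path-traversal": "../", "sql-tautology": "' OR 1=1"}


@dataclass
class HybridEngine:
    """Signature + anomaly detection; 'ids' only alerts, 'ips' also drops."""
    mode: str = "ids"
    baseline_ports: set[int] = field(default_factory=set)
    rate_limit: int = 0

    def learn(self, normal_traffic: list[Packet]) -> None:
        # Anomaly model of "normal": which ports are used, and how chatty
        # a single source is (threshold = 2x the busiest normal source).
        self.baseline_ports = {port for _, port, _ in normal_traffic}
        per_src = Counter(src for src, _, _ in normal_traffic)
        self.rate_limit = 2 * max(per_src.values())

    def inspect(self, traffic: list[Packet]) -> tuple[list[str], list[Packet]]:
        alerts, forwarded, seen = [], [], Counter()
        for src, port, payload in traffic:
            seen[src] += 1
            reasons = [n for n, pat in SIGNATURES.items() if pat in payload]
            if port not in self.baseline_ports:
                reasons.append(f"unusual-port:{port}")
            if seen[src] > self.rate_limit:
                reasons.append("rate-anomaly")
            alerts.extend(f"{src}:{port} {r}" for r in reasons)
            # IDS is passive: every packet is forwarded. IPS drops flagged ones.
            if not reasons or self.mode == "ids":
                forwarded.append((src, port, payload))
        return alerts, forwarded


NORMAL = [("10.0.0.5", 80, "GET /index.html"), ("10.0.0.5", 443, "TLS ClientHello"),
          ("10.0.0.6", 80, "GET /about.html")]
SUSPECT = [("10.0.0.7", 80, "GET /../../etc/passwd"),   # matches a signature
           ("10.0.0.8", 23, "login")]                     # port never seen in baseline
SUSPECT += [("10.0.0.9", 80, f"GET /page{i}") for i in range(5)]  # 5th exceeds rate


def run_demo(mode: str) -> tuple[list[str], list[Packet]]:
    engine = HybridEngine(mode=mode)
    engine.learn(NORMAL)
    return engine.inspect(SUSPECT)
```

Running `run_demo("ids")` yields three alerts but forwards all seven packets, while `run_demo("ips")` yields the same alerts and forwards only the four unflagged packets.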