Skip to main content

Posts

Showing posts with the label network security architecture

Intrusion Detection System (IDS) and Its Detailed Working Function – SOC/SIEM

An intrusion detection system (IDS) is a type of security software designed to automatically alert administrators when someone or something is trying to compromise information system through malicious activities such as  DDOS Attacks or through security policy violations. An  IDS works by monitoring system  activity through examining vulnerabilities in the system, the integrity of files and conducting an analysis of patterns based on already known attacks. It also automatically monitors the  Internet   to search for any of the latest  threats   which could result in a future attack. Detection Methods An IDS can only detect an attack. It cannot prevent attacks. In contrast, an IPS prevents attacks by detecting them and stopping them before they reach the target. An attack is an attempt to compromise  confidentiality, integrity, or availability. The two primary methods of detection are  signature-based and anomaly-based . Any type of IDS( HIDS or NIDS ) can detect attac