// THREAT DETECTION AND DATA PRIVACY TERM
Intrusion Detection System
An Intrusion Detection System (IDS) is like a security alarm for a computer network or system. It continuously watches for suspicious activities or unauthorized attempts to access or damage systems and then alerts administrators.

TECHNICAL DEFINITION
An Intrusion Detection System (IDS) is a cybersecurity technology that monitors network traffic or system activities for malicious behaviors, policy violations, or anomalous patterns, employing signature-based or anomaly-based detection methods to identify and report potential security threats to administrators.
BACKGROUND
Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.
SYNONYMS & ALIASES
- IDS
- Network Intrusion Detection System
- Host Intrusion Detection System
- Intrusion monitor
- Threat detector
USAGE NOTE
IDSs are deployed to detect potential security breaches and provide visibility into threats, often complementing Intrusion Prevention Systems (IPS), which can actively block detected attacks.
DEVELOPERS
Organizations developing technology related to intrusion detection systems.
Cisco develops a range of security products, including its Next-Generation Intrusion Prevention System (NGIPS) solutions, which offer advanced threat detection and prevention capabilities.
Fortinet provides comprehensive cybersecurity solutions, including its FortiGate firewalls with integrated intrusion prevention system (IPS) functionality and dedicated FortiAnalyzer for threat detection and logging.
Palo Alto Networks offers its Next-Generation Firewall platform, which integrates intrusion prevention and threat detection capabilities to identify and block known and unknown threats.
IBM Security offers various solutions, including IBM Security QRadar, a security information and event management (SIEM) product that incorporates intrusion detection and prevention functionalities.
CrowdStrike is known for its cloud-native endpoint protection platform, Falcon, which includes robust threat detection, behavioral analysis, and response capabilities that serve as an advanced form of intrusion detection.
Sophos provides a unified security platform that includes network firewalls with IPS capabilities, endpoint protection, and extended detection and response (XDR) solutions to detect and respond to intrusions.
Suricata is a free and open-source, high-performance network IDS, IPS, and network security monitoring engine. It's developed by the Open Information Security Foundation (OISF) and supported by a community.
Snort is a widely deployed open-source network intrusion prevention and detection system capable of performing real-time traffic analysis and packet logging. It is developed and maintained by Cisco.