Intrusion Detection System – Network Defense

The concept behind an intrusion detection system is to protect your network from malicious intrusion by monitoring network or host activity for possible incidents, logging what is observed, alerting on it, and reporting it. Strictly speaking, an IDS only detects and alerts; a system that also tries to stop the activity is an intrusion prevention system (IPS), and most current products combine the two. An IDS can also help to identify problems with security policies and policy violations.

Intrusion detection systems are a necessary addition to the antivirus security infrastructure of nearly every organization. An IDS records information about observed events, notifies security administrators of the important ones, produces reports and, when run in prevention mode, attempts to stop threats from succeeding.1

An IDS complements existing security practices by providing an extra layer of network defense against attackers who bypass perimeter defenses and target software vulnerabilities, much like a home alarm system that alerts you when someone gets past a locked door.

There are two main approaches to host-based intrusion detection. System execution control is a behavior-based approach: the system learns what "normal behavior" is for a host and then identifies and blocks deviations from it. Most first-generation host intrusion detection and prevention systems (HIDS/HIPS) use this approach. Its price is false positives: any legitimate activity that did not occur during the learning phase looks anomalous until the baseline is updated.
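The following is an added example, not code from the page or from any vendor product. It puts the monitor, log, alert and (optionally) block pipeline described above next to a behavior baseline of the "system execution control" kind: the engine learns which parent-to-child process executions are normal for a user on a host, then flags anything outside that baseline, alongside a couple of constructed signature rules. Process names, users, hosts and the signature predicates are all assumptions made for illustration.

```python
"""Toy host IDS/IPS combining signature rules with a learned execution
baseline ("system execution control"). Added example, not code from the
page or from any vendor product. All events are constructed records."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class ExecEvent:
    host: str
    user: str
    parent: str    # image of the parent process
    image: str     # image that was executed
    cmdline: str


@dataclass(frozen=True)
class Alert:
    kind: str      # "signature" or "anomaly"
    event: ExecEvent
    reason: str
    blocked: bool


# Constructed signature rules: (name, predicate over an ExecEvent).
SIGNATURES = [
    ("office-spawns-shell",
     lambda e: e.parent in {"winword.exe", "excel.exe"}
     and e.image in {"cmd.exe", "powershell.exe"}),
    ("encoded-powershell",
     lambda e: e.image == "powershell.exe" and "-enc" in e.cmdline.lower()),
]


class HostIDS:
    """prevent=False behaves as an IDS (log + alert); prevent=True as an IPS."""

    def __init__(self, prevent=False):
        self.prevent = prevent
        self.baseline = defaultdict(set)   # (host, user) -> {(parent, image)}
        self.learning = True
        self.log = []                      # every observed event is recorded
        self.alerts = []

    def learn(self, events):
        """Learning phase: record which parent->child executions are normal."""
        for e in events:
            self.baseline[(e.host, e.user)].add((e.parent, e.image))
        self.learning = False

    def observe(self, e):
        """Log the event, raise alerts, and return True if execution is allowed."""
        self.log.append(e)
        reasons = [("signature", name) for name, match in SIGNATURES if match(e)]
        if not self.learning and (e.parent, e.image) not in self.baseline[(e.host, e.user)]:
            reasons.append(("anomaly",
                            f"{e.parent} -> {e.image} never seen for {e.user}@{e.host}"))
        for kind, reason in reasons:
            self.alerts.append(Alert(kind, e, reason, blocked=self.prevent))
        # An IDS only reports; an IPS also blocks anything that raised an alert.
        return not (reasons and self.prevent)


def demo(prevent=False):
    """Train on constructed 'normal' activity, then feed three test events."""
    normal = [
        ExecEvent("ws01", "alice", "explorer.exe", "winword.exe", "winword.exe report.docx"),
        ExecEvent("ws01", "alice", "explorer.exe", "chrome.exe", "chrome.exe"),
        ExecEvent("ws01", "alice", "services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
    ]
    ids = HostIDS(prevent=prevent)
    ids.learn(normal)
    tests = [
        # in baseline: allowed, no alert
        ExecEvent("ws01", "alice", "explorer.exe", "chrome.exe", "chrome.exe"),
        # two signature hits plus an anomaly
        ExecEvent("ws01", "alice", "winword.exe", "powershell.exe", "powershell.exe -enc SQBFAFgA"),
        # benign but never seen during learning: anomaly (a false positive)
        ExecEvent("ws01", "alice", "explorer.exe", "notepad.exe", "notepad.exe readme.txt"),
    ]
    decisions = [ids.observe(e) for e in tests]
    return ids, decisions


if __name__ == "__main__":
    ids, decisions = demo(prevent=True)
    for a in ids.alerts:
        print(f"[{a.kind}] {a.reason} blocked={a.blocked}")
    print("decisions:", decisions)
```

The third test event is the caveat in practice: notepad.exe is harmless, but it never ran during learning, so the baseline flags it and an IPS would block it. That is why behavior-based products either keep a long learning phase or start in alert-only mode before enforcement is switched on.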

The second approach takes proven network perimeter controls (firewall, IDS and IPS) and applies them at the network layer on the host itself. Although this approach covers less than system execution control (anything that arrives by another path, such as removable media or a file already on disk, is outside its view), it does cover the network interface, which is the attack vector of greatest concern, especially for mobile devices that leave the perimeter. In contrast to system execution control, the network approach is also more proactive: malicious traffic is dropped at the interface before its payload ever reaches software on the host.

OfficeScan with Intrusion Defense Firewall from Trend Micro provides early protection with a network-level Host Intrusion Prevention System (HIPS); Trend Micro describes it as one of the industry's most secure platforms for endpoint protection, whether the endpoints are on the corporate network, mobile, or remote.2 The Intrusion Defense Firewall is bi-directional: different rules can be applied to traffic entering and leaving the endpoint, so the same engine handles both inbound attacks and outbound compliance issues (for example, a workstation that must not connect directly to external mail servers). It also shields known vulnerabilities from exploitation before patches can be deployed to business-critical and hard-to-patch systems, an approach commonly called virtual patching; a shield is a signature on the wire rather than a fix, so the patch is still needed once it can be applied. The vendor datasheet describes this as zero-day protection from known and unknown threats.
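The following is an added example, not code from the page or from Trend Micro's Intrusion Defense Firewall, illustrating the network-layer host approach of the two preceding paragraphs: a host firewall whose rules are tagged with a direction, so inbound attack handling and outbound compliance live in separate rule sets, plus one payload-matching "shield" rule as a toy stand-in for virtual patching. Rule names, the CIDRs, ports, the example addresses and the traversal pattern are all assumptions made for illustration.

```python
"""Toy network-layer host firewall with direction-aware rules. Added
example, not code from the page or from Trend Micro's Intrusion Defense
Firewall. Rules, addresses and flows are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Flow:
    direction: str     # "in" = entering the host, "out" = leaving it
    proto: str         # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str
    action: str                               # "allow" or "deny"
    proto: Optional[str] = None
    remote_net: Optional[str] = None          # CIDR for the peer (src for "in", dst for "out")
    dport: Optional[int] = None               # destination port of the flow
    payload_contains: Optional[bytes] = None  # hypothetical "shield" signature on payload

    def matches(self, f: Flow) -> bool:
        if f.direction != self.direction:
            return False
        if self.proto is not None and f.proto != self.proto:
            return False
        if self.dport is not None and f.dport != self.dport:
            return False
        if self.remote_net is not None:
            peer = f.src if f.direction == "in" else f.dst
            if ipaddress.ip_address(peer) not in ipaddress.ip_network(self.remote_net):
                return False
        if self.payload_contains is not None and self.payload_contains not in f.payload:
            return False
        return True


# Constructed policy. Order matters: first match wins, so shields and denies
# sit above the allow rules they narrow, and each direction ends in a catch-all.
POLICY = [
    # Inbound: shield an unpatched web app from path-traversal probes
    # (a toy stand-in for virtual patching), then allow the service itself.
    Rule("shield-traversal", "in", "deny", proto="tcp", dport=8080, payload_contains=b"../"),
    Rule("allow-web", "in", "allow", proto="tcp", dport=8080),
    Rule("allow-ssh-from-mgmt", "in", "allow", proto="tcp", remote_net="10.0.0.0/8", dport=22),
    Rule("deny-in-default", "in", "deny"),
    # Outbound compliance: this host must not speak SMTP or telnet directly.
    Rule("deny-direct-smtp", "out", "deny", proto="tcp", dport=25),
    Rule("deny-telnet", "out", "deny", proto="tcp", dport=23),
    Rule("allow-out-default", "out", "allow"),
]


def evaluate(flow: Flow, policy=POLICY):
    """Return (action, rule name) of the first matching rule; fail closed otherwise."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action, rule.name
    return "deny", "implicit-deny"


def demo():
    """Run constructed inbound and outbound flows through the policy."""
    host = "192.0.2.10"
    flows = [
        Flow("in", "tcp", "203.0.113.5", 51515, host, 8080, b"GET /index.html HTTP/1.1"),
        Flow("in", "tcp", "203.0.113.5", 51516, host, 8080, b"GET /../../etc/passwd HTTP/1.1"),
        Flow("in", "tcp", "203.0.113.5", 51517, host, 22),
        Flow("in", "tcp", "10.1.2.3", 40000, host, 22),
        Flow("out", "tcp", host, 40001, "198.51.100.7", 25),
        Flow("out", "tcp", host, 40002, "198.51.100.7", 443),
    ]
    return [evaluate(f) for f in flows]


if __name__ == "__main__":
    for action, name in demo():
        print(f"{action:5} via {name}")
```

Two things a practitioner should take from the toy: the shield only inspects the bytes it is handed, so a real engine has to reassemble the stream and normalize the request (the same probe sent as `%2e%2e/` or split across two segments would slip past this rule), and the shield buys time rather than closing the hole, so the unpatched service stays on the patch list.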

1 http://en.wikipedia.org/wiki/Intrusion_detection_system

2 http://www.trendmicro.com/cloud-content/us/pdfs/business/datasheets/ds02_osce.pdf