Intrusion Detection System

From Aanval Wiki

Intrusion Detection System (IDS)

What is an IDS?

An Intrusion Detection System (IDS) is a security tool that monitors computer systems and network traffic and analyzes that activity for signs of malicious behaviour. Threats may originate from outside or inside the organization.

The most commonly known and used form of IDS is the Network Intrusion Detection System (NIDS). Although a NIDS, a HIDS (Host Intrusion Detection System) and a WIDS (Wireless Intrusion Detection System) differ in what they watch (network traffic, a single host's logs and files, or wireless radio traffic), the generic term IDS is commonly used for any of them, regardless of its specialty.

How does an IDS work?

A NIDS is an independent platform that identifies intrusions by examining network traffic, so a single sensor can monitor many hosts at once. Network Intrusion Detection Systems gain access to traffic by connecting to a network hub, a switch port configured for port mirroring (a SPAN port), or a network tap. Sensors are located at choke points in the network to be monitored, often in the demilitarized zone (DMZ) or at network borders. A sensor captures the traffic that passes its monitoring point and analyzes the content of individual packets for malicious traffic. Note that a sensor sees only what its hub, SPAN port or tap delivers: traffic on other segments, or packets dropped by an oversubscribed SPAN port, never reach it, and payloads carried inside TLS cannot be matched on content unless they are decrypted in front of the sensor. Examples of NIDS are Snort and Suricata.
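To make the "capture packets, inspect content, raise an alert" loop concrete, here is an added example that is not part of this wiki page and is not Snort or Suricata code: a toy signature matcher that decodes Ethernet/IPv4/TCP frames and checks each payload against a small rule set in the style of a Snort content rule. The frames, rule SIDs and messages are constructed for the example; the third frame shows the classic blind spot of a port-bound rule, which misses the same attack aimed at a web server listening on 8080.

```python
"""Toy signature-based packet inspection, in the spirit of a NIDS sensor (example only)."""
import socket
import struct
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    sid: int          # signature id, as in a Snort/Suricata "sid:" option
    msg: str
    dst_port: int     # TCP destination port the rule is bound to
    content: bytes    # byte pattern that must appear in the TCP payload


# Hypothetical rules written for this example (not from any real ruleset).
RULES = (
    Rule(1000001, "Directory traversal in HTTP request", 80, b"../../etc/passwd"),
    Rule(1000002, "Shell command in HTTP query string", 80, b"|cat /etc/shadow"),
)


def build_frame(src_ip, dst_ip, src_port, dst_port, payload):
    """Construct an Ethernet/IPv4/TCP frame as sample input (checksums left zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)            # dst MAC, src MAC, IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def parse_frame(frame):
    """Decode the headers a sensor needs; return None for anything that is not IPv4/TCP."""
    if len(frame) < 54 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4           # IPv4 header length in bytes
    if ip[9] != 6:                     # protocol field: 6 = TCP
        return None
    tcp = ip[ihl:]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4   # TCP header length in bytes
    return {
        "src": f"{socket.inet_ntoa(ip[12:16])}:{src_port}",
        "dst": f"{socket.inet_ntoa(ip[16:20])}:{dst_port}",
        "dst_port": dst_port,
        "payload": tcp[data_offset:],
    }


def inspect(frames, rules=RULES):
    """Run every rule over every frame, as a sensor does packet by packet."""
    alerts = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        for rule in rules:
            if rule.dst_port == pkt["dst_port"] and rule.content in pkt["payload"]:
                alerts.append({"sid": rule.sid, "msg": rule.msg,
                               "src": pkt["src"], "dst": pkt["dst"]})
    return alerts


# Constructed sample traffic for the example (not a real capture).
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "192.168.1.10", 51000, 80,
                b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\nHost: www\r\n\r\n"),
    build_frame("10.0.0.6", "192.168.1.10", 51001, 80,
                b"GET /index.html HTTP/1.1\r\nHost: www\r\n\r\n"),
    # Same attack against a web server on 8080: missed, because the rule is bound to port 80.
    build_frame("10.0.0.5", "192.168.1.11", 51002, 8080,
                b"GET /cgi-bin/../../etc/passwd HTTP/1.1\r\nHost: www\r\n\r\n"),
]

if __name__ == "__main__":
    for a in inspect(SAMPLE_FRAMES):
        print(f"[1:{a['sid']}:1] {a['msg']} {a['src']} -> {a['dst']}")
```

Running it prints a single alert for the first frame. Real engines avoid the port-binding miss by letting a rule reference a port list (Snort's HTTP_PORTS variable) or by identifying the application protocol from the traffic itself rather than the port.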

IDS and SIEM: a Dynamic Duo

Deploying an IDS alone is not enough to view and analyze network activity, as most IDS engines lack a GUI. When the logged data from an IDS is coupled with a Security Information and Event Management (SIEM) tool, network activity is not only displayed but can be correlated across sensors and log sources, and network posture can be gauged. Aanval is the industry's leading SIEM that interconnects with both Snort and Suricata, in addition to hundreds of other devices capable of producing logs, generically known as Syslog data. Aanval provides additional functionality such as Situational Awareness (an instant bird's-eye view of the network, its posture, and possible points of peril), GeoLocation (which displays the global location of offending traffic and of the hosts being targeted), and additional tools to automatically prevent malicious traffic.
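The correlation step a SIEM adds on top of raw IDS output can be shown on Snort-style "fast" alert lines. The following is an added example, not Aanval's code or part of this page: it parses each line into its fields and then groups alerts per source address, tracking how many distinct hosts that source has touched and the most severe priority it triggered. The alert lines, SIDs and rule messages are constructed for the example; the sweep threshold of three distinct destinations is an assumption, not a value any product uses.

```python
"""Parse Snort/Suricata 'fast' alert lines and correlate them per source (example only)."""
import re
from collections import defaultdict

# One alert per line, e.g.
# 01/28-22:26:04.877970  [**] [1:1000010:1] msg [**] [Classification: x] [Priority: 2] {TCP} a.b.c.d:p -> e.f.g.h:q
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s*(?P<cls>[^\]]*)\])?\s+\[Priority:\s*(?P<pri>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def parse_alert(line):
    """Return the alert's fields as a dict, or None for a line that is not a fast-format alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    a["sid"] = int(a["sid"])
    a["priority"] = int(a["pri"])       # Snort priority: 1 is the most severe
    return a


def correlate(lines, sweep_threshold=3):
    """Group alerts by source address and flag sources that touch many distinct hosts."""
    per_src = defaultdict(lambda: {"alerts": 0, "dsts": set(), "sids": set(), "top_priority": None})
    for line in lines:
        a = parse_alert(line)
        if a is None:                   # skip anything the parser does not understand
            continue
        s = per_src[a["src"]]
        s["alerts"] += 1
        s["dsts"].add(a["dst"])
        s["sids"].add(a["sid"])
        if s["top_priority"] is None or a["priority"] < s["top_priority"]:
            s["top_priority"] = a["priority"]
    for s in per_src.values():
        # Hypothetical rule of thumb for this example: one source, several hosts, same window.
        s["sweep"] = len(s["dsts"]) >= sweep_threshold
    return dict(per_src)


# Constructed sample alerts for the example (hypothetical SIDs and messages).
SAMPLE_ALERTS = [
    "01/28-22:26:04.877970  [**] [1:1000010:1] Possible SSH scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:54321 -> 192.168.1.10:22",
    "01/28-22:26:05.102331  [**] [1:1000010:1] Possible SSH scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:54322 -> 192.168.1.11:22",
    "01/28-22:26:05.398115  [**] [1:1000010:1] Possible SSH scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:54323 -> 192.168.1.12:22",
    "01/28-22:27:41.004410  [**] [1:1000011:2] SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.5:54390 -> 192.168.1.12:22",
    "01/28-22:30:12.551902  [**] [1:1000020:1] ICMP echo request [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.9 -> 192.168.1.10",
    "this line is not an alert and must be ignored",
]

if __name__ == "__main__":
    for src, s in correlate(SAMPLE_ALERTS).items():
        print(f"{src}: {s['alerts']} alerts, {len(s['dsts'])} hosts, "
              f"top priority {s['top_priority']}, sweep={s['sweep']}")
```

With the sample input, 10.0.0.5 is reported as a sweep with top priority 1, while 10.0.0.9 stays a single low-priority event. That roll-up, rather than the individual alert, is what a SIEM's posture view is built from.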

See Also

For a detailed description of Aanval's features and how they can be used to keep your network secure, please read the following articles and visit http://www.aanval.com: