Intrusion Detection Systems
While firewalls are excellent at controlling access and traffic, they fall short when it comes to traffic that is already on their trusted side. Intrusion Detection Systems (IDS) watch your LAN for trends that match known malicious traffic patterns. This is different than what an antivirus program does for you! IDS can be configured to alert key people on your staff so that swift, appropriate action is the result. What would be your organization's current response to an unspecified system intrusion? Without specific indications of what is happening and to what systems, a technician's first response could end up being inappropriate, or even destructive. In the mean time, a well prepared adversary, or well designed tool, is wondering freely across your systems and data.
With the growing demand for IDS, many hardware vendors are offering IDS as an add-on to their regular equipment. This doesn't always yield the best result. Control point focuses on capabilities, rather than convenience. The important issues are a combination of recognized signatures, device throughput, stealth capability, performance, interface design, and network overhead that makes a good IDS. IDS isn't the only thing that can help your IT staff become more efficient...
Please see Network Monitoring. |
