The sensors can detect suspicious activity because they know how the protocols should be functioning. This information can be used to change your security systems or implement new controls that are more effective.
Just as a fire alarm detects smoke, an intrusion detection system identifies incidents and potential threats.
They are incredibly useful for raising awareness, but if you don’t hear the alarm or react appropriately, your house may burn down.
Because of this, an IDS needs to be part of a comprehensive plan that includes other security measures and staff who know how to react appropriately.
An IDS is immensely helpful for monitoring the network, but its usefulness depends entirely on what you do with the information it gives you.
An HIDS monitors event and audit logs, comparing new entries to attack signatures.
This is resource intensive, so your organization will need to plan for the additional hardware required.
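The signature comparison described above, sketched as an added example that is not code from the original page or from any particular HIDS product. The two signatures, their thresholds and the log lines are constructed for illustration, and the function name `scan` is hypothetical.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Hypothetical signatures: a regex plus how many hits from one source within
# `window` seconds are needed before an alert is raised.
SIGNATURES = [
    {"id": "SSH-BRUTE", "re": re.compile(r"Failed password for .* from (?P<src>\S+)"),
     "threshold": 3, "window": 60},
    {"id": "SUDO-DENIED", "re": re.compile(r"sudo: +(?P<src>\S+) : user NOT in sudoers"),
     "threshold": 1, "window": 0},
]

# Constructed sample auth-log entries (not from a real system).
SAMPLE_LOG = """\
2024-05-01T10:00:01 host1 sshd[811]: Failed password for root from 203.0.113.7 port 4022 ssh2
2024-05-01T10:00:05 host1 sshd[811]: Accepted password for alice from 198.51.100.4 port 5100 ssh2
2024-05-01T10:00:09 host1 sshd[812]: Failed password for root from 203.0.113.7 port 4023 ssh2
2024-05-01T10:00:20 host1 sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 4024 ssh2
2024-05-01T10:03:00 host1 sshd[820]: Failed password for bob from 198.51.100.9 port 6000 ssh2
2024-05-01T10:04:10 host1 sudo:   mallory : user NOT in sudoers ; TTY=pts/0 ; COMMAND=/bin/su
""".splitlines()

def scan(entries, signatures=SIGNATURES):
    """Return alerts as (timestamp, signature id, source) tuples."""
    recent = defaultdict(deque)   # (sig id, source) -> timestamps of recent hits
    alerts = []
    for entry in entries:
        stamp, _, message = entry.partition(" ")
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue              # skip malformed lines instead of crashing
        for sig in signatures:
            m = sig["re"].search(message)
            if not m:
                continue
            hits = recent[(sig["id"], m["src"])]
            hits.append(when)
            # Drop hits that have fallen out of the time window.
            while (when - hits[0]).total_seconds() > sig["window"]:
                hits.popleft()
            if len(hits) >= sig["threshold"]:
                alerts.append((stamp, sig["id"], m["src"]))
                hits.clear()      # avoid re-alerting on every further line
    return alerts

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The per-source state kept in `recent` grows with the number of distinct sources seen, which is one place the resource cost of host-based monitoring comes from.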
An IPS is similar to an IDS, except that it can also block potential threats.
It monitors, logs and reports activities, as an IDS does, but it is also capable of stopping threats without the system administrator getting involved.
You can also use your IDS logs as part of the documentation to meet certain requirements.