Intrusion Detection System (IDS) definition in Cybersecurity
An Intrusion Detection System (IDS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any detected activity or violation is typically reported either to an administrator or collected centrally using a security information and event management (SIEM) system. An IDS can be classified into two types: network-based (NIDS) and host-based (HIDS) intrusion detection systems.
Open source or Free solutions
- Snort: An open source network intrusion detection system (NIDS) that is capable of performing real-time traffic analysis and packet logging on IP networks.
- Suricata: An open source, mature, fast, and robust network threat detection engine capable of real-time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM), and offline pcap processing.
Paying solutions
- Cisco Stealthwatch: Provides enterprise-wide visibility, from the private network to the public cloud, and advanced security analytics for detecting and responding to threats in real-time.
- Darktrace: Uses artificial intelligence to automatically detect and respond to threats in real time across diverse environments, including cloud, virtualized, and on-premise networks.