Article: The Importance of Using Intrusion Detection Tools to Secure Your Business Network

The days when strong passwords and firewalls were all that was required to secure corporate networks, have long passed. Intruder attack methodology has become more targeted and sophisticated. Consequently, passive security methods have given way to tools that take a more active approach to network security.

What motivates an intruder? In a word, data. Customer and proprietary information have become hot commodities. In order to protect this sensitive information, a multi-pronged approach including first line of defense firewalls, anti-virus, and applying software patches are key. However, Intrusion Detection and Prevention Services (IDPS) should also be employed.

An IDS monitors network traffic for suspicious activity and alerts network administrators, or responds by taking predefined action like blocking IP addresses.

There are two types of Intrusion Detection Systems (IDS):

Host Based - This IDS is installed on a computer or other device. It runs in the background, examining inbound and outbound network traffic packets combined with log/system file analysis to look for suspicious activity. If something unusual is detected, the IDS can either alert a network administrator or it can invoke predefined methods to try and contain or deter the activity.

Network Based - This is the more aggressive IDS. It monitors traffic on network segments and if it detects suspicious activity, it will take action such as blocking IP addresses or users.

Service interruption and data breach can be costly both monetarily and in damage to company reputation. In the end, a security hardened network will employ a defense in depth concept that uses multi-layered hardware and software solutions to safeguard against data loss. For those threats that manage to get past initial defenses, a good IDS can go a long way toward thwarting and minimizing the damage caused by intruders.

This guest post was provided by Veronica Henry on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information about GFI event log monitoring solution can be found at http://www.gfi.com/eventsmanager

All product and company names herein may be trademarks of their respective owners.