IDS, ACCESS CONTROLS and AUDITING

Detection tools work much like our home security systems. Just as we have security systems to protect our homes from intrusion and unauthorised or unwanted access, companies and organisations have cybersecurity tools to prevent intrusion and unwanted access and to protect their assets and network infrastructure.

The goal is to detect potential malicious activity. An IDS (intrusion detection system) helps detect this activity and generates an alert so that professionals can prevent the intrusion. Once the IDS raises an alert, security professionals investigate and take action if needed.

An example of an alert: a suspicious user logs in to a system from an unknown IP address or outside of working hours.
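
The alert condition described above, as an added example that is not part of the original article: a small log check that flags successful logins from an unknown IP address or outside working hours. The log format, the known networks, and the working hours (08:00 to 18:00, Monday to Friday) are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, time

# Assumed policy values for this example (not from the original article).
KNOWN_NETWORKS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.0.2.0/24")]
WORK_START, WORK_END = time(8, 0), time(18, 0)  # applied Monday to Friday only

# Constructed sample log, one event per line: timestamp user source_ip result
SAMPLE_LOG = """\
2024-03-04T09:15:02 alice 10.1.2.3 success
2024-03-04T23:40:11 bob 10.1.2.9 success
2024-03-05T10:05:47 carol 203.0.113.50 success
2024-03-09T14:00:00 dave 198.51.100.7 success
2024-03-05T11:00:00 eve 203.0.113.99 failure
this line is malformed
"""

def parse_line(line):
    """Return (timestamp, user, ip, result), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], ipaddress.ip_address(parts[2]), parts[3]
    except ValueError:  # bad timestamp or bad IP address
        return None

def reasons_for(ts, ip):
    """List the reasons a login at time ts from address ip looks suspicious."""
    reasons = []
    if not any(ip in net for net in KNOWN_NETWORKS):
        reasons.append("unknown_ip")
    if ts.weekday() >= 5 or not (WORK_START <= ts.time() < WORK_END):
        reasons.append("outside_working_hours")
    return reasons

def detect(log_text):
    """Return (alerts, skipped): alerts for successful logins, count of unparseable lines."""
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count unparseable lines so the gap is visible, not silent
            continue
        ts, user, ip, result = rec
        # This rule covers successful logins only; failed attempts need their own rule.
        reasons = reasons_for(ts, ip) if result == "success" else []
        if reasons:
            alerts.append({"user": user, "ip": str(ip), "time": ts.isoformat(), "reasons": reasons})
    return alerts, skipped
```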

There are two types of IDS: Host-Based IDS (HIDS) and Network-Based IDS (NIDS).

Host-Based IDS are applications installed on individual computers that analyse logs and files for potential threats, while Network-Based IDS monitor network traffic to identify and detect malicious activity or log attempts.

It is recommended to use both NIDS and HIDS to protect our systems from malicious activities.

It is essential to have some sort of rules if we want organised systems. To do so, we need to implement some mechanism or extra security layer such as MFA (multi-factor authentication) or biometric scans (retinal, fingerprint or voice). This is where access controls come in. Access controls limit access, whether authorised or unauthorised.

Auditing is a collection of tracks and records related to the systems. Auditing helps security professionals identify possible breaches or suspicious activities that have happened in the systems. Auditing is essential for organisations to build a solid security posture and defence in depth.