What is a function of a Network-Based Intrusion Detection System (NIDS)?
A Network-Based Intrusion Detection System monitors network traffic and reports suspicious findings to administrators or security tools. It observes packets traversing a network segment and compares activity against signatures, patterns, protocol anomalies, or behavior models. Because it is detection-focused, a NIDS typically alerts rather than blocks traffic inline.

Scanning and quarantining infected files on a host machine is an endpoint security function. Proxying traffic before it reaches an internal network is a proxy function. Blocking malicious traffic in real time is more closely associated with an IPS or firewall.

A NIDS is useful because it can provide visibility across multiple hosts without installing an agent on each one. However, encrypted traffic, high throughput, and east-west blind spots can limit visibility if sensors are not placed correctly. SOC teams use NIDS alerts as evidence during investigation and correlation.

Reference/topics: Cybersecurity 1.4, NIDS and other threat detection systems; Security Operations 6.3, alerts and events.
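To make the distinction concrete, here is a small passive detector written for this answer as an added example; it is not code from the page or from any NIDS product. It applies two of the mechanisms named above (byte-pattern signatures and a simple behavior rule over distinct destination ports) to a constructed packet stream, emits alerts without ever dropping a packet, and records how many encrypted payloads it could not inspect. The `Packet` record, the `SIGNATURES` table, the threshold, and all addresses and payloads are assumptions made up for the illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Packet:
    """One observed packet, as a passive sensor would see it (constructed record)."""
    src: str
    dst: str
    dport: int
    payload: bytes = b""
    encrypted: bool = False   # True when the payload is TLS and opaque to the sensor


# Constructed signature set: byte patterns looked for in cleartext payloads.
SIGNATURES: Dict[str, bytes] = {
    "SIG-001 shell path in HTTP request": b"/bin/sh",
    "SIG-002 SQL tautology in query string": b"' OR '1'='1",
}

# Behavior rule (assumed threshold): alert once one source has touched this many ports.
PORT_SCAN_THRESHOLD = 5


def match_signatures(pkt: Packet) -> List[str]:
    """Names of signatures whose pattern appears in the cleartext payload.

    Encrypted payloads are skipped: signature inspection is blind to them,
    which is the visibility limit described in the answer above.
    """
    if pkt.encrypted:
        return []
    return [name for name, pattern in SIGNATURES.items() if pattern in pkt.payload]


def detect(packets: List[Packet]) -> Tuple[List[dict], Dict[str, int]]:
    """Run signature and behavior checks over a packet stream.

    Returns (alerts, stats). Alerts are reports for an analyst or SIEM; nothing
    here drops or rewrites a packet, which is what separates a NIDS from an IPS.
    """
    alerts: List[dict] = []
    stats = {"packets": 0, "encrypted_not_inspected": 0}
    ports_by_src: Dict[str, set] = {}

    for pkt in packets:
        stats["packets"] += 1
        if pkt.encrypted:
            stats["encrypted_not_inspected"] += 1

        for name in match_signatures(pkt):
            alerts.append({"type": "signature", "rule": name, "src": pkt.src, "dst": pkt.dst})

        # Behavior model: count distinct destination ports per source address.
        ports = ports_by_src.setdefault(pkt.src, set())
        ports.add(pkt.dport)
        if len(ports) == PORT_SCAN_THRESHOLD:   # fire once, when the threshold is crossed
            alerts.append({"type": "behavior",
                           "rule": f"{PORT_SCAN_THRESHOLD} distinct ports probed from one source",
                           "src": pkt.src, "dst": pkt.dst})
    return alerts, stats


# Constructed sample traffic on a single monitored segment.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "10.0.0.10", 80, b"GET /cgi-bin/test.cgi?cmd=/bin/sh HTTP/1.1"),
    Packet("10.0.0.5", "10.0.0.10", 443, b"\x16\x03\x01\x02\x00\x01", encrypted=True),
    Packet("10.0.0.9", "10.0.0.10", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.8", "10.0.0.10", 80, b"GET /login?user=admin' OR '1'='1 HTTP/1.1"),
] + [Packet("10.0.0.7", "10.0.0.10", p, b"") for p in (22, 23, 25, 80, 443)]


if __name__ == "__main__":
    found, summary = detect(SAMPLE_PACKETS)
    for a in found:
        print(f"[{a['type']}] {a['rule']}  {a['src']} -> {a['dst']}")
    print(summary)
```

Running the sample produces two signature alerts and one behavior alert, and the stats show one TLS packet that passed through uninspected. That last number is the practical point: a sensor on the wrong segment, or one facing mostly encrypted traffic, still forwards alerts faithfully but has little to alert on, so sensor placement and decryption strategy matter as much as the rule set.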