One of the main activities within security (whether physical or logical) is monitoring. Monitoring is based on the initial definition of a series of thresholds of "normal" behavior of an object (an automatic control system, a data network, a computer, a computer program, etc.) and the subsequent comparison with its status current to detect possible anomalies at a specific time. This monitoring gives rise to a continuous feedback that will allow the activation of detective and / or corrective activities aimed at re-aligning this element within the established parameters:
As can be seen in the diagram, there are 3 functional blocks within the monitoring process:
A source of information or object to monitor, which processes, transmits or stores data
An analysis action where behavioral data from the information source will be collected and compared with the expected parameters
A response to abnormal behavior, which can be passive (alert) or active (which can modify the environment to re-align the behavior)
Under this scenario, a system that is responsible for obtaining data from a source of information, analyzing them, comparing them against predefined values of behavior to detect anomalous behaviors and generating response actions is called “Intrusion detection / prevention system”, meaning “intrusion »As an unauthorized action that may compromise the security of the monitored object. Examples of intrusion detection / prevention systems can be found in physical video surveillance systems, alarms, industrial automatic control systems, etc.
In the area of information security, an intrusion detection system ("Intrusion Detection System" - IDS) or intrusion prevention system ("Intrusion Prevention System" - IPS) is an element that monitors the behavior of networks, host and / or applications in search of patterns of malicious behavior, sharing the same characteristics described above, which allow cataloging them according to their operation:
As can be seen in the diagram, there are 3 functional blocks within the monitoring process:
A source of information or object to monitor, which processes, transmits or stores data
An analysis action where behavioral data from the information source will be collected and compared with the expected parameters
A response to abnormal behavior, which can be passive (alert) or active (which can modify the environment to re-align the behavior)
Under this scenario, a system that is responsible for obtaining data from a source of information, analyzing them, comparing them against predefined values of behavior to detect anomalous behaviors and generating response actions is called “Intrusion detection / prevention system”, meaning “intrusion »As an unauthorized action that may compromise the security of the monitored object. Examples of intrusion detection / prevention systems can be found in physical video surveillance systems, alarms, industrial automatic control systems, etc.
In the area of information security, an intrusion detection system ("Intrusion Detection System" - IDS) or intrusion prevention system ("Intrusion Prevention System" - IPS) is an element that monitors the behavior of networks, host and / or applications in search of patterns of malicious behavior, sharing the same characteristics described above, which allow cataloging them according to their operation: