Updating intrusion detection report
Hybrid NIDS and HIDS solutions that combine aspects of both systems are also available and can be useful in different scenarios. Firewalls may be able to show you the ports and IP addresses that are used between two hosts, but a NIDS can additionally be tuned to show you the specific content within the packets. This saves a lot of time when compared to doing it manually.
This is resource intensive, so your organization will need to plan for the additional hardware required.
While a firewall is there to keep out malicious attacks, an IDS is there to detect whether someone or something is up to suspicious or nefarious activity.
When it detects something, it notifies the system administrator.
Another benefit of a NIDS is that it detects incidents in real time, meaning that it can log evidence that an attacker may otherwise try to erase.
While the real-time detection abilities of a NIDS allow for quicker responses, they also turn up more false positives than a HIDS.
The sensors can detect suspicious activity because they know how the protocols should be functioning. This information can be used to change your security systems or implement new controls that are more effective.