How to choose an Intrusion Detection System

Types of intrusion detection systems

Intrusion detection systems are typically network-based or host-based.

  • Network-based IDS (NIDS) monitors communications at the network level.
    The communications flowing through a network-based IDS typically consist of units of data, or “packets,” that its hosts send to one another internally or to hosts outside the network.
  • The sheer volume and variety of network traffic can make gathering and analyzing all that data complex, difficult, and therefore prone to errors.
  • Host-based IDS (HIDS) resides on a single computing device and monitors traffic flowing into, out of, and on that device. It checks local files, environment variables, system calls, logs, and local network traffic.
  • Many enterprises prefer host-based IDS because encryption protocols typically end at the host. By the time the IDS views the data, it’s decrypted.
  • Host-based IDS includes intrusion detection systems that work at the application level. Growing in popularity, application-based IDS takes a more precise and intimate approach, looking for unusual activity in and on specific host applications.
  • Application-based IDS must be designed or configured for each individual application. An application-based approach might require more work up front, but it offers better access to information, performance, and detection abilities than a general host-based or network-based IDS.
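
The per-application configuration described in the last two points can be pictured with a small detector. This is an added example, not code from the original article; the "billing" profile, the role and action names, the rule names, and the JSON-lines log format are all assumptions made for illustration.

```python
import json
from collections import Counter

# Hypothetical profile for one application ("billing"). Every name here is an
# assumption; a different application would need its own profile.
PROFILE = {
    "role_actions": {  # actions each role normally performs
        "clerk": {"login_ok", "view_invoice", "create_invoice"},
        "admin": {"login_ok", "view_invoice", "export_all", "edit_user"},
    },
    "failed_login_threshold": 3,  # alert once a user reaches this count
}

# Constructed sample events in an assumed JSON-lines format, as the
# application would log them on the host, after decryption.
SAMPLE_LOG = """\
{"user": "alice", "role": "clerk", "action": "login_ok"}
{"user": "alice", "role": "clerk", "action": "view_invoice"}
{"user": "bob", "action": "login_failed"}
{"user": "bob", "action": "login_failed"}
{"user": "bob", "action": "login_failed"}
{"user": "alice", "role": "clerk", "action": "export_all"}
not-json line
{"user": "carol", "role": "admin", "action": "export_all"}
"""

def detect(lines, profile):
    """Return (rule, user, detail) alerts for one batch of log lines."""
    alerts, failures = [], Counter()
    for raw in lines:
        try:
            event = json.loads(raw)
            user, action = event["user"], event["action"]
        except (ValueError, KeyError, TypeError):
            alerts.append(("unparseable_event", None, raw[:40]))
            continue
        if action == "login_failed":
            failures[user] += 1
            if failures[user] == profile["failed_login_threshold"]:
                alerts.append(("failed_login_burst", user, str(failures[user])))
            continue
        allowed = profile["role_actions"].get(event.get("role"))
        if allowed is None:
            alerts.append(("unknown_role", user, str(event.get("role"))))
        elif action not in allowed:
            alerts.append(("action_outside_role", user, action))
    return alerts

ALERTS = detect(SAMPLE_LOG.splitlines(), PROFILE)
```

The `export_all` call by a clerk is flagged only because the profile knows what each role normally does in this application, which is information a network-level sensor looking at packets does not have.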

CYBERCRYPT

We help companies develop secure products