Which Is the Right IDS for You?

A promising, but premature, solution

Anomaly-based detection, which takes note of the network, endpoint, or application’s baseline and sends alerts for unusual activity, is much touted as the answer to the problems that rule- and signature-based IDS encounter.

False positives can cause alert fatigue, leaving room for real threats to get overlooked.

False negatives, on the other hand, give a free pass to intruders.

What anomaly-based IDS does do well, especially at the application level, is spot aberrant use patterns. Is traffic leaving the application for some strange location? Is the user logging on at a time when they would normally be asleep?
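The two checks named above (an unfamiliar traffic destination, a login at an hour the user is normally inactive), as an added example that is not code from the original article. The event format, function names, tolerance values and sample history are all assumptions constructed for illustration; timestamps are assumed to be in the user's local time.

```python
from datetime import datetime

# Constructed history: (user, login time, country that app traffic went to).
HISTORY = [
    ("alice", "2024-03-04T08:55:00", "DE"), ("alice", "2024-03-05T09:10:00", "DE"),
    ("alice", "2024-03-06T09:02:00", "DE"), ("alice", "2024-03-07T10:20:00", "NL"),
    ("alice", "2024-03-08T08:47:00", "DE"),
    ("bob", "2024-03-04T22:30:00", "US"), ("bob", "2024-03-05T23:05:00", "US"),
    ("bob", "2024-03-06T23:40:00", "US"), ("bob", "2024-03-07T22:15:00", "US"),
    ("bob", "2024-03-08T23:50:00", "US"),
    ("carol", "2024-03-08T14:00:00", "FR"),
]

def hour_gap(a, b):
    """Distance between two hours on a 24-hour clock (23 and 0 are 1 apart)."""
    d = abs(a - b)
    return min(d, 24 - d)

def build_baseline(events):
    """Per-user profile: login hours seen and traffic destinations seen."""
    baseline = {}
    for user, ts, dest in events:
        profile = baseline.setdefault(user, {"hours": [], "dests": set()})
        profile["hours"].append(datetime.fromisoformat(ts).hour)
        profile["dests"].add(dest)
    return baseline

def check_event(baseline, event, hour_tolerance=2, min_history=5):
    """Return the anomaly labels for one event (an empty list means normal)."""
    user, ts, dest = event
    profile = baseline.get(user)
    # A thin baseline would flag nearly everything: report it instead of alerting.
    if profile is None or len(profile["hours"]) < min_history:
        return ["no_baseline"]
    findings = []
    hour = datetime.fromisoformat(ts).hour
    if min(hour_gap(hour, h) for h in profile["hours"]) > hour_tolerance:
        findings.append("unusual_hour")
    if dest not in profile["dests"]:
        findings.append("new_destination")
    return findings

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for ev in [("alice", "2024-03-11T03:14:00", "DE"),
               ("bob", "2024-03-11T00:20:00", "BR")]:
        print(ev, check_event(baseline, ev))
```

Bob's late-evening logins show why the hour comparison wraps around midnight: a plain subtraction would treat a 00:20 login as 23 hours away from his usual 23:00 and raise a false positive.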





We help companies develop secure products