Intrusion detection alerts on unexpected server activity?
Intrusion detection software monitors servers and alerts in case there is unexpected activity.
Intrusion detection is a monitoring measure that detects server compromises. Intrusion detection software monitors processes, file systems, configuration files, passwords and user databases. When a change does not match the predefined ruleset, an alert is raised.
Intrusion detection cannot detect in-process compromises or tailored attack payloads, so its effectiveness against well-versed adversaries is questionable.
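The file system part of this monitoring can be sketched as a baseline comparison. The following is an added example, not code from any intrusion detection product: the names snapshot, compare, may_change and demo are assumptions, and the file tree is constructed sample data. The first comparison in demo also shows the limitation noted above: activity that changes no monitored file raises no alert.

```python
import fnmatch
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Return {relative path: (sha256 hex, permission bits)} for files under root."""
    state = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            state[path.relative_to(root).as_posix()] = (digest, path.stat().st_mode & 0o7777)
    return state

def compare(baseline, current, may_change=()):
    """Return alerts for every difference the ruleset does not permit."""
    alerts = []
    for name in sorted(set(baseline) | set(current)):
        if any(fnmatch.fnmatch(name, pattern) for pattern in may_change):
            continue  # the ruleset expects this path to change (e.g. logs)
        old, new = baseline.get(name), current.get(name)
        if old is None or new is None:
            alerts.append(("ADDED" if old is None else "REMOVED", name))
            continue
        if old[0] != new[0]:
            alerts.append(("MODIFIED", name))
        if old[1] != new[1]:
            alerts.append(("MODE_CHANGED", name))
    return alerts

def demo():
    """Build a constructed file tree, change it, and return (quiet, alerts)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        files = {"etc/passwd": "root:x:0:0::/root:/bin/sh\n",
                 "etc/sshd_config": "PermitRootLogin no\n",
                 "var/log/app.log": "started\n"}
        for name, text in files.items():
            (root / name).parent.mkdir(parents=True, exist_ok=True)
            (root / name).write_text(text)
            (root / name).chmod(0o600)
        baseline = snapshot(root)
        # No monitored file has changed yet, so nothing is reported.
        quiet = compare(baseline, snapshot(root), ["var/log/*"])
        (root / "var/log/app.log").write_text("started\nrequest served\n")
        (root / "etc/passwd").write_text(files["etc/passwd"] + "newuser:x:1001:1001::/home/newuser:/bin/sh\n")
        (root / "etc/sshd_config").chmod(0o666)
        (root / "etc/crontab").write_text("0 3 * * * root /usr/local/bin/task\n")
        return quiet, compare(baseline, snapshot(root), ["var/log/*"])
```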
Applies to: Medium and large enterprises