What is intrusion detection?
Network Intrusion detection is the practice of identifying and analysing malicious traffic entering, exiting or traversing within a network.
This is either network traffic entering your local network from the internet or moving between systems on your local network. Network Intrusion Detection systems know known patterns of malicious network traffic as well as the traits of malicious traffic. When they are detected you are alerted to the danger, allowing you to take immediate action by closing the means of entry and eradicating the intruder. These systems can be set to automatically prevent perceived malicious traffic from entering your system too. In addition, they can feed into your Security Incident Event Management (SIEM) Systems too (see our SIEM solutions page).
Why do I need a intrusion detection system?
Attackers can be persistent. Sometimes it can take numerous attempts to gain access to your systems. Ultimately when they are successful they go undetected. It might be that the first you hear about your systems being compromised is when you are informed by either law enforcement, the press or your customers, which results in fines, litigation and irreparable reputational damage.
In today’s network environment the line between where your network ends and the Internet begins is disappearing. Your goal should be to discover both attacks currently being attempted in addition to those which have succeeded,
Our methods of Intrusion Detection include detecting not only known attacks but also the unknown, so called “zero-day” attacks. This is due to our in-depth understanding of the problem domain. We have spent years learning the most effective ways of detecting evolving threats through university led research into practical bleeding edge solutions. Our methods are steeped in research with PhD level experts with international publication portfolios, harnessing the latest research in Artificial Intelligence and data-mining techniques to ensure that the false-positives and inaccuracies of stock vendor solutions are avoided. We are happy to configure our systems either standalone or combined with your existing SIEM solution.