Transcript for:
Introduction to Intrusion Detection Systems (IDS)

Data protection is of paramount importance in today's world. The vast amount of data flowing between corporations and consumers needs to be secured, considering the trust that is placed in them. A company can spend millions of dollars on the most secure servers, but it takes a single hacker to ruin all the goodwill between the organizations. To prevent these malicious attacks, many automated security systems have been developed, but none of them have been as widely used as IDS platforms, also known as intrusion detection systems.

Welcome to this introductory lesson on intrusion detection systems. Let's go through the topics we are going to cover today. We start with the basic definition of IDS from a layman's perspective. Moving on, we cover the multiple types of intruders that seek to access confidential information without any authorization. Next we cover the basic ways to detect intrusion signatures from the perspective of a network administrator. We then take a look at the different types of IDS that can be used in corporate environments today. A short explanation of the two types of protection is then followed by an introduction to some of the most well-known IDS tools on the market. So let's get started.

What is an IDS? An intrusion detection system is an application or device that monitors inbound and outbound network traffic, continuously analyzing it for changes in activity and patterns, and alerts an administrator when it detects unusual behavior. An administrator then reviews the alarms and takes action to remove the threat. For example, an IDS might inspect the data carried by network traffic to see if it contains known malware or other malicious content. If it detects this type of threat, it sends an alert to your security team so they can investigate and remediate it. Once your team receives the alert, they must act quickly to prevent an attack from taking over the system. To ensure that the IDS doesn't slow down network performance, these solutions often use a switched port analyzer or a test access port to analyze a copy of the inline data traffic, so that they do not meddle with the actual traffic. However, they do not block threats once they enter the network, as intrusion prevention systems do.

Regardless of whether you set up a physical device or an IDS program, the system can recognize attack patterns in network packets, monitor user behavior, identify abnormal network activity, and ensure that user and system activity do not go against security policies. The main goal of an IDS is to detect the anomalies before the hackers complete their objective. Once the system detects a threat, the IT team is informed and the information is passed on.

Given the requirement for understanding context, an enterprise has to be ready to make any IDS fit its own unique needs. Expert advice: what this means is that an IDS cannot be a one-size-fits-all configuration and still operate accurately and effectively; it requires a savvy IDS analyst to tailor the IDS to the interests and needs of a given site, a knowledgeable, trained system analyst. The trick with an IDS is that you have to know what the attack is to be able to identify it. The IDS has always had the patient zero problem: you have to have found someone who got sick and died before you can identify it.

An IDS can usually offer two types of protection: active and passive. In a passive system, the IDS detects a potential security breach, logs the information and signals an alert. In a reactive or active system, the IDS responds to the suspicious activity by logging off a user or by reprogramming the firewall to block network traffic from the suspected malicious source.

So now that we understand what an IDS is, let us go through the different types of intruders that IDS platforms must be aware of. To understand these types of intruders, let us go through a scenario. We have the servers, which are protected by the IDS platforms in place. Let's say a hacker tries to breach the system from outside the organization. This can be done using multiple attacks, like DDoS attacks, injection attacks, etc. The category of individuals that are not authorized to use the system but still exploit users' privacy and confidential information using different techniques is known as masqueraders. A masquerader is an intruder that is an outsider, who does not have direct access to the system and aims to attack unethically by stealing data or information.

However, there is another intruder who is theoretically harder to detect and prove than a masquerader. These are the people within the organization who want to weaken the security defenses, be it for corporate espionage or to aid other masqueraders: the category of individuals that are authorized to use a system but misuse the granted access and privilege. These are individuals that take undue advantage of the permissions given to them, and this category of intruders is known as misfeasors. Misfeasors are people that are insiders and have direct access to the system, which they aim to attack unethically by stealing data or information.

Let us now go through some of the ways IDS platforms can detect an intrusion before registering it. Intrusion detection systems primarily use two key methods: signature-based intrusion detection and anomaly-based intrusion detection. Signature-based intrusion detection is designed to detect possible threats by comparing the given network traffic and log data to existing attack patterns. These patterns are called sequences and could include byte sequences, also known as malicious instruction sequences. Signature-based detection enables you to accurately detect and identify possible known attacks. Anomaly-based intrusion detection is the opposite: it's designed to pinpoint unknown attacks, such as new malware, and adapt to them on the fly using machine learning. Machine learning techniques enable an intrusion detection system to create baselines of trustworthy activity, known as a trust model, and then compare new behaviors against the trust model. False alarms can occur when using an anomaly-based IDS, since previously unknown yet legitimate network traffic could be falsely identified as malicious activity.

Now, if you combine both of those, you have hybrid intrusion detection. Hybrid systems use signature-based and anomaly-based intrusion detection to increase the scope of your IDS; this enables you to identify as many threats as possible. A comprehensive intrusion detection system can understand the evasion techniques cybercriminals use to trick an IDS into thinking there isn't an attack taking place. These techniques could include fragmentation, low-bandwidth attacks, pattern change evasion and many more.

We can now take a look at the types of protection offered by IDS platforms. There are a couple of ways an IDS can be set up, so let's go through each method. The first is a network-based IDS. The sensors are deployed at strategic points within the network, such as within the DMZ or at the network's perimeter. The sensor can monitor individual packets of inbound and outbound traffic to and from all devices on the network and analyze them for malicious activity. Depending on the network architecture and the amount of traffic involved, multiple instances of a network-based IDS may be necessary.

The second category is host-based intrusion detection systems, or HIDS. An agent runs on all servers, endpoints and devices in the network that have access to both the internet and the internal network. Intrusions are identified by analyzing operating-system-specific activities, like the modification of the file system, registry or access control lists, and by monitoring system and application logs as well. They augment network-based IDS by detecting anomalous traffic which originates within the organization or from the host that is being monitored. For example, a host infected with malware that has attempted to spread it to other internal hosts is an issue that a network-based IDS could potentially fail to detect.

The third variant is a cloud-based intrusion detection system. Because of the internet-facing nature of the cloud, on-premises IDS solutions are not necessarily optimized for monitoring it. For example, network-based sensors need to be deployed within the cloud at an environment's network perimeter, and yet a cloud service provider may or may not have a way to facilitate this. Cloud-based IDS solutions use purpose-built cloud sensors that use cloud service provider application programming interfaces, or cloud service provider APIs, to get as much visibility as possible into your cloud environment.

Now that we understand the different IDS deployment tactics, let us go through some tools that excel in this field, offering top-of-the-line implementations in corporate and consumer environments. The first tool being covered is the SolarWinds Security Event Manager. The SolarWinds Security Event Manager is designed to integrate real-time log data from across your infrastructure, enabling it to act both as a network-based IDS and a host-based IDS. The solution can let you discover all kinds of malicious attacks and help you protect your network from harm. It is also designed to enact both signature-based and anomaly-based intrusion detection by comparing sequences of network traffic against a set of customizable rules.

Next we have McAfee LiveSafe. McAfee LiveSafe is an intrusion detection system designed to bring real-time threat awareness to your physical and virtual networks. It uses signature-based intrusion prevention and anomaly-based intrusion detection, along with emulation techniques, to spot and identify malicious activity. McAfee is also built to correlate threat activity with application usage, which can further prevent network issues stemming from cyber attacks.

Next we have Blumira. Blumira is a security information and event management platform built to enact threat detection and response across your cloud and on-premises environments. It is designed to continuously monitor your IT infrastructure for suspicious activity and misconfigurations, both of which could result in data leaks and compliance breaches. It enables you to respond to an attack in progress and stop malicious actors in their tracks.

Hope you learned something new today. Please let us know if you have any issues regarding IDS in the comment section below. Subscribe to our channel for more videos like this, and thank you for watching.
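The signature-based, anomaly-based and hybrid detection methods described in this lesson, together with the fragmentation evasion and the anomaly false-alarm problem it mentions, as an added Python example; this is not code from the video or from any of the products named, and the signature table, addresses and traffic are all constructed for illustration:

```python
# Toy hybrid IDS (constructed example): signature matching with per-source reassembly
# plus a packet-rate anomaly baseline. The signature table is hypothetical, not a real ruleset.
from collections import Counter, defaultdict
from typing import NamedTuple
import statistics

# Hypothetical signature table: rule name -> byte sequence to look for in traffic.
SIGNATURES = {"sqli-union-select": b"UNION SELECT", "path-traversal": b"../../"}

class Packet(NamedTuple):
    src: str        # source address
    payload: bytes  # application data carried by the packet

def signature_hits(data):
    """Names of every signature whose byte sequence occurs in data."""
    return [name for name, seq in SIGNATURES.items() if seq in data]

def signature_alerts(window, reassemble=True):
    """Signature-based detection. Packet-by-packet matching misses a pattern that is
    fragmented across packets; reassembling each source's stream first does not."""
    if reassemble:
        streams = defaultdict(bytes)
        for p in window:
            streams[p.src] += p.payload   # toy reassembly: concatenate per source, in order
        units = streams.items()
    else:
        units = [(p.src, p.payload) for p in window]
    return sorted({("signature", src, n) for src, data in units for n in signature_hits(data)})

def build_baseline(training):
    """Trust model: mean and stdev of packets per source over a clean training window."""
    values = list(Counter(p.src for p in training).values())
    return statistics.fmean(values), statistics.pstdev(values)

def anomaly_alerts(window, baseline, z=3.0):
    """Anomaly-based detection: flag sources above mean + z*stdev packets. A legitimate
    but previously unseen burst (a new backup job, say) is flagged too: the false-alarm problem."""
    mean, stdev = baseline
    limit = mean + z * max(stdev, 1.0)    # floor the stdev so a flat baseline still works
    counts = Counter(p.src for p in window)
    return sorted(("anomaly", s, "packet rate above baseline") for s, n in counts.items() if n > limit)

def detect(training, window):
    """Hybrid IDS: alerts from both detectors, which a passive IDS would log and raise."""
    return signature_alerts(window) + anomaly_alerts(window, build_baseline(training))

# Constructed traffic: ten hosts at five packets each form the baseline; the window has
# one host splitting a signature across two packets and one host sending an unusual burst.
TRAINING = [Packet(f"10.0.0.{i}", b"GET /index.html") for i in range(1, 11) for _ in range(5)]
WINDOW = ([Packet("10.0.0.1", b"GET /index.html")] * 6
          + [Packet("10.0.0.2", b"GET /item?id=1 UNI"), Packet("10.0.0.2", b"ON SELECT 1")]
          + [Packet("10.0.0.7", b"PUT /backup/chunk")] * 40)
```

Running `detect(TRAINING, WINDOW)` yields one signature alert for 10.0.0.2 (found only because the stream was reassembled) and one anomaly alert for the burst from 10.0.0.7, which an analyst would still have to confirm is not a legitimate job.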