1
00:00:00,06 --> 00:00:03,04
- [Instructor] An Intrusion Detection System, or IDS,

2
00:00:03,04 --> 00:00:06,05
provides an ability to receive an alert

3
00:00:06,05 --> 00:00:10,09
when an attacker breaches your network security.

4
00:00:10,09 --> 00:00:13,09
Therefore, an IDS is critical

5
00:00:13,09 --> 00:00:17,00
in protecting your network.

6
00:00:17,00 --> 00:00:21,09
An IDS comes in as either an appliance

7
00:00:21,09 --> 00:00:25,01
or a piece of software.

8
00:00:25,01 --> 00:00:28,02
An appliance is a standalone solution.

9
00:00:28,02 --> 00:00:31,01
It's a physical box you can attach

10
00:00:31,01 --> 00:00:36,01
to your network without having to touch anything else.

11
00:00:36,01 --> 00:00:40,08
IDSs monitor networks for suspicious activities

12
00:00:40,08 --> 00:00:43,01
and send alarms.

13
00:00:43,01 --> 00:00:47,03
IDSs are passive, meaning they don't take any actions

14
00:00:47,03 --> 00:00:49,08
against the network traffic.

15
00:00:49,08 --> 00:00:52,01
There are different types of IDSs.

16
00:00:52,01 --> 00:00:55,06
The first type is signature-based.

17
00:00:55,06 --> 00:01:00,01
The signature-based IDSs rely on a predetermined set

18
00:01:00,01 --> 00:01:04,00
of definitions characterizing various types

19
00:01:04,00 --> 00:01:06,02
of attack traffic.

20
00:01:06,02 --> 00:01:09,02
In this case, a definition refers

21
00:01:09,02 --> 00:01:13,04
to a bit pattern of network traffic.

22
00:01:13,04 --> 00:01:18,02
The second type is behavior-based IDSs.

23
00:01:18,02 --> 00:01:21,00
The behavior-based IDSs determine

24
00:01:21,00 --> 00:01:27,00
what's normal and what's not in terms of network activities.

25
00:01:27,00 --> 00:01:29,07
The technologies related to IDSs

26
00:01:29,07 --> 00:01:34,03
are intrusion prevention systems, or IPS,

27
00:01:34,03 --> 00:01:38,09
and unified threat management, or UTM.

28
00:01:38,09 --> 00:01:43,08
Compared to IDSs, IPSs are active,

29
00:01:43,08 --> 00:01:47,08
meaning they take action against packets.

30
00:01:47,08 --> 00:01:51,09
That is, they drop suspicious packets.

31
00:01:51,09 --> 00:01:55,01
UTMs are much more comprehensive

32
00:01:55,01 --> 00:01:57,09
and they do almost everything.

33
00:01:57,09 --> 00:02:01,00
You can think of it as a Swiss Army Knife

34
00:02:01,00 --> 00:02:02,07
in network security.

35
00:02:02,07 --> 00:02:04,07
It acts like an IDS.

36
00:02:04,07 --> 00:02:07,08
It also does IPS functions,

37
00:02:07,08 --> 00:02:11,02
and then it also serves as a firewall

38
00:02:11,02 --> 00:02:13,08
and anti-malware software.

39
00:02:13,08 --> 00:02:17,09
Security information and event management, or SIEM,

40
00:02:17,09 --> 00:02:20,09
collects network security-relevant data

41
00:02:20,09 --> 00:02:24,06
from many sources, including firewalls,

42
00:02:24,06 --> 00:02:29,06
IDSs, IPSs, and log servers.

43
00:02:29,06 --> 00:02:33,04
SIEM offers powerful visualization options

44
00:02:33,04 --> 00:02:37,02
to correlate diverse network security data

45
00:02:37,02 --> 00:02:39,09
and allows network security personnel

46
00:02:39,09 --> 00:02:42,03
to make informed decisions

47
00:02:42,03 --> 00:02:44,09
on various cybersecurity threats.

48
00:02:44,09 --> 00:02:49,06
A UTM solution can have a SIEM feature too.

49
00:02:49,06 --> 00:02:54,01
Although a signature-based IDS is more common,

50
00:02:54,01 --> 00:02:58,04
more and more IDSs combine both signature-based

51
00:02:58,04 --> 00:03:01,03
and behavior-based approaches.

52
00:03:01,03 --> 00:03:04,02
With the recent advances in machine learning,

53
00:03:04,02 --> 00:03:06,09
behavior-based IDS solutions

54
00:03:06,09 --> 00:03:09,09
are gaining more traction.

55
00:03:09,09 --> 00:03:13,04
Whether it's standalone or built in

56
00:03:13,04 --> 00:03:15,07
as part of another product,

57
00:03:15,07 --> 00:03:21,00
an IDS is an essential element of your network defense.