Making Effective Use of Your Intrusion Detection System

by Jamie Riden
Oct. 2, 2017 1 comment Infosecwriters Detection & Response

More and more network administrators are starting to deploy Intrusion Detection Systems to watch for compromises on their internal networks. However, merely deploying an IDS may not make that much difference to the overall security of the network. The IDS must be tuned to reduce the number of false positives, and to catch as many genuine attacks as possible. Then an analyst must be available to monitor the alert stream and appropriate action must be taken to deal with alerts. Without effective response, the IDS will be of little use. In this article we talk about optimal IDS placement in your organisation, how to correlate alerts with other data sources, how to tune the IDS rule sets and how to respond to a variety of alert types.

http://www.infosecwriters.com/Papers/Jriden_Effective_NIDS.pdf

ariadnalunguco 4 months, 1 week ago

The detection system requires organisation and discipline; this is what I know from my personal experience. Good article and good points!