What is an intrusion detection/prevention system?

One of the main activities within security (whether physical or logical) is monitoring. Monitoring is based on first defining a series of thresholds of "normal" behavior for an object (an automatic control system, a data network, a computer, a computer program, etc.) and then comparing them with its current status to detect possible anomalies at a specific time. This monitoring gives rise to continuous feedback that allows the activation of detective and/or corrective activities aimed at realigning this element within the established parameters.

As can be seen in the diagram, there are 3 functional blocks within the monitoring process:

- A source of information or object to monitor, which processes, transmits or stores data
- An analysis action where behavioral data from the information source will be collected and compared with the expected parameters
- A response to abnormal behavior, which can be passive (alert) or active (which can modify the enviro...