What is Intrusion Detection System (IDS)?

Definition

IDS

What is Intrusion Detection System?

A monitoring system that analyzes network traffic or host activity for signs of malicious behavior and generates alerts when suspicious patterns are detected. Network-based IDS (NIDS) monitors traffic across a network segment; host-based IDS (HIDS) monitors activity on individual endpoints. Unlike an IPS, an IDS is passive — it detects and reports threats but does not block them, making it a detective rather than a preventive control.

A platform that aggregates, normalizes, and correlates security event data from across an organization's infrastructure to support threat detection, incident investigation, and compliance reporting.

Firewall →

A network security control that monitors and filters traffic between networks based on predefined security rules.

Blue Team →

The defensive security team responsible for protecting an organization's assets, detecting attacks in progress, and responding to security incidents.

Defense in Depth →

A security strategy that layers multiple independent controls so that the failure of any single control does not result in a complete breach.

Put this into practice

AI penetration testing for web applications →

See how Penetrify's autonomous AI agents find and validate this class of security issue in your application.

What is Intrusion Detection System?

Related terms