Network Intrusion Detection - Keeping Up With Increasing Information Volume

Published: 22 Dec, 2001
Created by Timothy Weber

Threats to the security of a company's key business information come from many different sources. These range from natural disasters to accidental destruction or alteration to malicious activities of people inside and outside the company. The security of key business information stored on computer workstations and servers that are accessible through a local or wide area network can be enhanced through the use of various network security tools. Together, these tools form a network security strategy called defense-in-depth. It takes firewalls, access lists in routers, network scanners, security policy, host-based Intrusion Detection Systems (IDS), and other security devices all working together to secure a network. The idea is that if an attack gets through one security device, another level will catch it. This paper focuses on one tool that is a critical part of a defense-in-depth strategy - a network-based IDS. A network-based IDS is a device (hardware or software) that detects possible intrusions onto a network by analyzing the data traversing the network and then notifying the proper individuals upon detection. This paper details ways to help a network-based IDS cope with the ever-increasing volume of information that threatens its ability to fulfill its role in a defense-in-depth strategy.