Network intrusion detection and prevention (IDS-IPS)

Find the latest information on intrusion prevention systems (IPS) and network intrusion detection systems (IDS), including tools and tactics, how to manage host-based and network-based IDSes, minimizing false positives, and how to use intrusion detection methods and devices.

August 20, 2019 20 Aug'19
Why is patch management important?

Borderless networks present new challenges for security pros. Andrew Froehlich explains how this trend makes patch management even more important.
August 05, 2015 05 Aug'15
Security machine learning methods needed to adapt to evolving threats

Data science can sort through huge data stores in order to find and stop advanced attackers and malware, but new methods are needed to make sure the machine learning keeps up with evolving threats.
June 03, 2015 03 Jun'15
Adversaries never sleep: unknown malware downloaded every 34 seconds

In its 2015 Security Report, Check Point Software has found adversaries are exploiting the ease of creating unknown malware to boost the chance of a successful attack, and sandboxing adoption may be the best way to mitigate risk.
May 21, 2015 21 May'15
Too many false positives, security alerts inundate enterprise, study says

A new study shows enterprises with security analytics are confident in their threat detection capabilities, while those without are overwhelmed by copious false positives and alerts.

Bring yourself up to speed with our introductory content

Pros and cons of an outsourced SOC vs. in-house SOC

Security operations centers have become an essential element of threat detection. Here's how to decide whether to build one in-house or outsource SOC capabilities. Continue Reading
SOAR (Security Orchestration, Automation and Response)

SOAR (Security Orchestration, Automation and Response) is a solution stack of compatible software programs that allow an organization to collect data about security threats, and respond to low-level security events without human assistance. Continue Reading
IDS/IPS quiz: Intrusion detection and prevention systems

Want a baseline of your intrusion detection and prevention system knowledge? Test your insights with this IDS/IPS quiz. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Extended detection and response tools take EDR to next level

Extended detection and response tools offer new capabilities -- among them greater visibility -- to enterprises searching for better ways to protect their endpoints. Continue Reading
As network security analysis proves invaluable, NDR market shifts

IT infrastructure threat detection and response have emerged as critical elements of enterprise cybersecurity as network security analysis proves invaluable to protecting data. Continue Reading
Host IDS vs. network IDS: Which is better?

Compare host IDS vs. network IDS through the pros and cons of each, and learn how more modern systems may be better suited to ensure effective enterprise security. Continue Reading

Learn to apply best practices and optimize your operations.

7 SOC automation use cases to augment security operations

Implementing SOC automation can have far-reaching benefits for an organization's infosec program and security culture. Learn how by exploring these seven use cases of AI in SOCs. Continue Reading
The state of cybersecurity risk: Detection and mitigation

Hackers will always try to creep in, and many will succeed. That's why effective detection and mitigation are essential. How are enterprises faring? Continue Reading
How to prevent port scan attacks

The popular port scan is a hacking tool that enables attackers to gather information about how corporate networks operate. Learn how to detect and prevent port scanning attacks. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

How to detect and defend against a TCP port 445 exploit and attacks

The WannaCry TCP port 445 exploit returned the spotlight to Microsoft's long-abused networking port. Network security expert Kevin Beaver explains how to detect and defend against such attacks. Continue Reading
Which is better: anomaly-based IDS or signature-based IDS?

Even as vendors improve IDS by incorporating both anomaly-based IDS and signature-based IDS, understanding the difference will aid intrusion protection decisions. Continue Reading
2019's top 5 free enterprise network intrusion detection tools

Snort is one of the industry's top network intrusion detection tools, but plenty of other open source alternatives are available. Discover new and old favorites for packet sniffing and more. Continue Reading