Protect Your Information with Intrusion Detection (Power)
Intrusion detection systems can and should be used for collecting proof of unauthorized activity. They provide the following functional capabilities:
-
Logging events that take place during an attack, and saving this information for future analysis
-
Imitating non-existent applications in order to deceive the intruder (the so-called deception mode)
-
Enhanced analysis of the log files created by the system and application software, database servers, web servers, and so on
-
The possibility of investigating security events before taking any specific action
-
Obtaining information on the intruder, including his DNS, MAC, NetBIOS, and IP addresses