---

---

ICSA, Inc. For more information, call 888-396-8348                 3 An Introduction to Intrusion Detection and Assessment Systems and networks are subject to electronic attacks. The increasingly frequent attacks on Internet- visible systems are attempts to breach information security requirements for protection of data. Vulnerability-assessment tools check systems and networks for system problems and configuration errors that represent security vulnerabilities. Intrusion-detection systems collect information from a variety of vantage points within computer systems and networks and analyze this information for symptoms of security breaches. Both intrusion-detection and vulnerability-assessment technologies allow organizations to protect themselves from losses associated with network security problems. The market for intrusion-detection products, driven by reports of steadily increasing computer security breaches, has grown from $40 million in 1997 to $100 million in 1998. Intrusion-detection is the logical complement to network firewalls, extending the security management capabilities of system administrators to include security audit, monitoring, attack recognition, and response. Intrusion detection systems perform a variety of functions: •  Monitoring and analysis of user and system activity •  Auditing of system configurations and vulnerabilities •  Assessing the integrity of critical system and data files •  Recognition of activity patterns reflecting known attacks •  Statistical analysis for abnormal activity patterns •  Operating-system audit-trail management, with recognition of user activity reflecting policy violations Benefits of intrusion-detection and vulnerability-assessment products include the following: •  Improving integrity of other parts of the information security infrastructure •  Improved system monitoring Executive Summary