Also known as IDS. A device or software application that monitors network traffic for malicious activity or policy violations. Such activities or violations are typically reported to an administrator or logged centrally via a security information and event management (SIEM) system. Unlike an intrusion prevention system (IPS), which not only scans and analyzes traffic but also takes automated actions in response to threats, an IDS merely scans traffic and reports back on the threats it detects.
Most network-based IDSs detect malicious activity in one of two ways: signature-based detection compares observed traffic against predefined patterns of known-bad activity, while heuristic (anomaly-based) detection flags deviations from a baseline of known normal behavior.
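As an added illustration (not part of the original entry), the following Python sketch runs both detection styles over constructed flow records: a signature rule matches a made-up "known beacon" user-agent string, and a heuristic flags a source that touches far more distinct ports than the assumed baseline. Mirroring the IDS/IPS distinction above, it only produces alerts for logging or SIEM forwarding and never blocks anything; all IPs, ports, payloads and thresholds are constructed sample values.

```python
import re
from dataclasses import dataclass

# Constructed sample flow records: (src_ip, dst_port, payload). Not real traffic.
FLOWS = [
    ("10.0.0.5", 80, "GET /index.html HTTP/1.1\r\nUser-Agent: Mozilla/5.0"),
    ("10.0.0.5", 80, "GET /ping HTTP/1.1\r\nUser-Agent: ExampleBeacon/1.0"),
    ("10.0.0.9", 22, "SSH-2.0-OpenSSH_9.3"),
] + [("10.0.0.7", p, "") for p in range(1000, 1040)]  # one host probing 40 ports

# Signature-based detection: predefined patterns of known-bad content.
# "ExampleBeacon/1.0" is a constructed placeholder, not a real malware indicator.
SIGNATURES = [
    ("known-beacon-user-agent", re.compile(r"User-Agent: ExampleBeacon/", re.I)),
]

# Heuristic baseline (assumed for this example): a single source normally
# contacts only a handful of distinct destination ports.
BASELINE_MAX_DISTINCT_PORTS = 10

@dataclass(frozen=True)
class Alert:
    source: str
    rule: str
    detail: str

def signature_alerts(flows):
    """Report every flow whose payload matches a predefined signature."""
    alerts = []
    for src, port, payload in flows:
        for name, pattern in SIGNATURES:
            if pattern.search(payload):
                alerts.append(Alert(src, name, f"port {port}: {payload!r}"))
    return alerts

def anomaly_alerts(flows):
    """Report sources whose distinct-port count deviates from the baseline."""
    ports_by_src = {}
    for src, port, _ in flows:
        ports_by_src.setdefault(src, set()).add(port)
    return [Alert(src, "port-scan-heuristic", f"{len(ports)} distinct ports")
            for src, ports in ports_by_src.items()
            if len(ports) > BASELINE_MAX_DISTINCT_PORTS]

def detect(flows):
    # An IDS only reports; dropping or blocking traffic would make it an IPS.
    return signature_alerts(flows) + anomaly_alerts(flows)

if __name__ == "__main__":
    for a in detect(FLOWS):
        print(f"ALERT {a.rule} src={a.source} {a.detail}")  # e.g. forwarded to a SIEM
```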