Most perceptive business owners understand that cyber security is now more critical than ever and want to put measures in place to prevent malicious attacks. However, knowing which security capabilities should be implemented to ensure a secure network isn't always straightforward. A Network Intrusion Detection System (NIDS) is one such technology that should be a part of any effective security system.
In this guide, you will gain a better understanding of NIDS, what it does and how it compares against similar security technologies. But before we discuss NIDS, we should define what intrusion detection systems (IDS) are.
An intrusion detection system is designed to continually monitor a network or host device to detect threats. Any suspicious activity or security policy violation that is flagged will be reported to the system administrator.
As a basic analogy, you can compare an intrusion detection system to an alarm system in a building used for physical security. When the alarm goes off, it indicates that potentially some sort of malicious activity is occurring. However, the alarm doesn't actually provide security in and of itself, and this is the same with IDS -- it just identifies the threat and reports it. They can also both report false alarms and be bypassed by malicious attackers with the right tools and knowledge.
There are two types of IDS: NIDS, a network-based intrusion detection system, and HIDS, a host-based intrusion detection system. In this guide, we focus on NIDS, but we will look at host intrusion detection to compare the two.
A Network-Based Intrusion Detection System (NIDS) monitors network traffic patterns to detect suspicious activity. Sensors are placed at strategic checkpoints, such as the DMZ or behind a firewall, where they analyse each individual packet (inbound and outbound) for malicious activity. It is crucial to consider where the sensors are placed to allow them the most visibility. A single sensor can monitor several hosts, but multiple NIDS might be required depending on the amount of traffic going to and from all network devices.
If abnormal traffic is found, the NIDS will send an alert to the administrator to investigate. Abnormal behaviour could include network-level Denial of Service attacks, port scanning, or a sharp increase in network traffic.
Network Intrusion Detection offers a range of security options, but it has its flaws, just like any other security solution.
There are two types of NIDS: one works by detecting signatures of known attacks, and the other identifies anomalies from normal behaviour.
Signature-based IDS monitor network traffic and attempt to match it against a known database of IOCs (Indicators of Compromise). If any traffic activity corresponds to a known attack signature, such as a malicious domain, specific network attack behaviour, known malicious IP address, or email subject line, it will alert the system administrator. A significant limitation of signature-based NIDS is that malicious actors are always looking to stay one step ahead, so the signature database must be regularly updated with a list of known indicators of compromise. Also, cybercriminals can often avoid detection by signature-based IDS by modifying threat intrusion patterns, or by using encryption.
Anomaly-based NIDS work in a different way that complements the signature-based method. Rather than looking for a known signature, they monitor network traffic, using AI and machine learning to understand what is 'normal traffic' through such methods as statistical analysis. Once they have learned what represents normal behaviour, they can identify abnormal behaviour more efficiently and send a report once it is detected.
Signature-based NIDS tend to be the more reliable of the two, producing fewer false positives, as the potential threats are based on known signatures. However, anomaly-based NIDS have the advantage of being able to identify unknown threats such as zero-day attacks that would be impossible to detect by signature-based systems. Most NIDS combine both anomaly-based and signature-based detection to establish a complete system.
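The following Python sketch is an added example, not code from the original article or from any NIDS product. It runs a signature check and a statistical anomaly check over the same constructed flow records. The IOC values, thresholds, addresses and field names are all assumptions chosen for illustration.

```python
from statistics import mean, stdev

# Constructed IOCs (documentation-range IP, reserved .example domain).
IOC_IPS = {"203.0.113.50"}
IOC_DOMAINS = {"malicious.example"}

def signature_alerts(flows):
    """Signature-based: exact match of flow fields against known IOCs."""
    alerts = []
    for f in flows:
        if f["dst"] in IOC_IPS:
            alerts.append(("signature", f["src"], "known bad IP " + f["dst"]))
        if f.get("domain") in IOC_DOMAINS:
            alerts.append(("signature", f["src"], "known bad domain " + f["domain"]))
    return alerts

def learn_baseline(bytes_per_minute):
    """Anomaly-based, step 1: learn 'normal' as mean/stdev of past volume."""
    return mean(bytes_per_minute), stdev(bytes_per_minute)

def anomaly_alerts(flows, baseline, z_max=3.0, max_ports=20):
    """Anomaly-based, step 2: flag a one-minute window that deviates from normal."""
    mu, sigma = baseline
    alerts = []
    z = (sum(f["bytes"] for f in flows) - mu) / sigma if sigma else 0.0
    if z > z_max:  # sharp increase in traffic
        alerts.append(("anomaly", "*", f"volume z-score {z:.1f}"))
    ports = {}
    for f in flows:  # distinct destination ports per (src, dst) pair
        ports.setdefault((f["src"], f["dst"]), set()).add(f["dport"])
    for (src, dst), seen in ports.items():
        if len(seen) >= max_ports:  # port-scan behaviour
            alerts.append(("anomaly", src, f"{len(seen)} ports probed on {dst}"))
    return alerts

def flow(src, dst, dport, nbytes, domain=None):
    return {"src": src, "dst": dst, "dport": dport, "bytes": nbytes, "domain": domain}

# Constructed sample data: training history and two one-minute windows.
BASELINE = learn_baseline([10000, 12000, 11000, 9000, 13000, 10500, 11500])
WINDOW = [flow("10.0.0.5", "198.51.100.10", 443, 4000, "intranet.example"),
          flow("10.0.0.7", "203.0.113.50", 443, 3000),
          flow("10.0.0.8", "10.0.0.1", 53, 100, "malicious.example")]
WINDOW += [flow("10.0.0.9", "10.0.0.20", p, 60) for p in range(1, 26)]
SPIKE = [flow("10.0.0.5", "198.51.100.10", 443, 60000)]

if __name__ == "__main__":
    for alert in signature_alerts(WINDOW) + anomaly_alerts(WINDOW, BASELINE):
        print(alert)
```

In the sample window the port scan from 10.0.0.9 matches no signature and is caught only by the anomaly check, while the two IOC hits sit inside normal traffic volume and are caught only by the signature check.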
The two types of intrusion detection systems are host-based and network-based. A Host-based Intrusion Detection System (HIDS) is installed on a single host such as a computer, server or other endpoint, in contrast to a NIDS, which is installed across a network.
The advantage of a Network Intrusion Detection System is that it can secure a large number of devices from a single network location. For most enterprises, this is the easiest of the two to deploy and the least expensive option. In contrast, a HIDS needs to be deployed and managed for each host on the network.
NIDS are also quicker to respond to potential threats than HIDS, as they are monitoring packet headers going across the network in real-time. This isn't to say that HIDS are ineffective; they excel in identifying insider threats such as detecting file permission changes.
HIDS will provide a second line of defence, detecting attacks that NIDS might have failed to spot. For this reason, using both in conjunction would be the most robust IDS strategy.
Intrusion detection systems, NIDS and HIDS, are designed to monitor, detect and report suspicious activity. Intrusion Prevention Systems (IPS) will scan for malicious activity and take steps to block the action from occurring. So, to put it simply, NIDS are deployed on a network passively to identify threats, whereas a NIPS (Network-based Intrusion Prevention System) will attempt to stop the attack.
The reason that some enterprises prefer NIDS rather than NIPS is that when a NIPS produces a false positive, in other words, normal activity erroneously detected as an attack, it will block this normal traffic. If this occurs regularly, it can negatively impact a business. In contrast, NIDS will alert the system administrator to the false positive, and the administrator would validate that it is normal activity.
The best solution is for a business to deploy both intrusion detection and prevention capabilities to monitor, detect and prevent network security threats.
Firewalls and NIDS have in common that they can both be deployed as security solutions to protect a network. However, NIDS passively monitors for potential cyber threats and alerts someone to deal with the reported incident. NIDS, as we've previously discussed, offers no protection to the network. A firewall is more similar to an intrusion prevention system and blocks or allows network traffic based upon a set of predefined security rules.
Many of the Next Generation Firewalls (NGFW) have additional integrated features such as IDS and IPS, making them a much more sophisticated cyberthreat solution beyond the traditional firewall.
It should be understood that a Network Intrusion Detection System isn't a standalone solution that will protect your business from cyber-attacks. Instead, NIDS should be one part of a comprehensive suite of security tools to safeguard against and counter malicious threats. These will typically include anti-virus, firewalls, and both IDS and IPS.
Joe is a blogger and security evangelist who’s been raising the profile of cyber security for a decade. He writes about a variety of cyber and compliance topics, with a keen eye on translating events and data into valuable customer insights. Never boring, sometimes controversial, always insightful.