Intrusion detection aids in reacting to network infrastructure incursions. Derivatively, the main value of intrusion detection is early incident or event awareness and subsequent, timely intervention resulting in a loss experience that is less than what might otherwise ensue from a security breach. “After all of the access control rules are implemented and the software is updated and patched, an IDS should provide the ability to determine if and when security controls have been bypassed.” Consequently, the primary IDS purpose is to provide the ability to view IT activity in real time and to identify unauthorized IT activity.
Davis, Robert E. IT Auditing: Assuring Information Assets Protection. Raleigh: Lulu.com, 2010.