Search for abnormal access to information and systems (timeframes, applications, data…)
Internal IDS (Intrusion Detection Systems) allow the detection of abnormal actions that would otherwise be lost in the network traffic. They provide precise indicators for upstream detection of certain suspicious activities.
The upstream detection of activities judged to be irregular strongly increases the probability of subsequent effective mitigation. It also provides post-incident indications of how an attack took place.