Question:
Analyze the strengths of an IDPS with respect to intrusion detection:
• Monitoring and analysis of system events and user behaviors.
• Testing the security states of system configurations.
• Baselining the security state of a system and then tracking any changes to that baseline.
• Recognizing patterns of system events that correspond to known attacks.
• Recognizing patterns of activity that vary statistically from normal activity.
• Managing operating system audit and logging mechanisms and the data they generate.
• Alerting appropriate staff by appropriate means when attacks are detected.
• Measuring enforcement of security policies encoded in the analysis engine.
• Providing default information security policies.
• Allowing people who are not security experts to perform important security monitoring functions.
Principles Of Information Security
ISBN: 9780357506431
7th Edition
Authors: Michael E. Whitman, Herbert J. Mattord