What does a Network-based IDS (NIDS) do?

A Network-based Intrusion Detection System (NIDS) is specifically designed to monitor and analyze network traffic for suspicious activity and potential intrusions. It functions by examining data packets as they travel across the network, identifying patterns or signatures that may indicate an attack or unauthorized access. This capability is crucial for detecting threats in real-time and allowing for prompt responses to mitigate potential incidents.

NIDS operates at the network level, thus providing visibility across multiple devices and systems without having to rely on agents installed on individual hosts. This central monitoring ability is what distinguishes it as an effective solution for identifying intrusions happening across an entire network rather than being limited to a single point of entry.

The other options, while related to network security, do not accurately describe the primary function of a NIDS. Monitoring individual hosts is the role of a Host-based IDS (HIDS), hardware security typically concerns firewalls or intrusion prevention systems, and network mapping relates to vulnerability assessments rather than the detection of ongoing malicious activities.