Intrusion Detection Systems (IDS) monitor the network and watch for patterns of traffic that match a predefined set of rules that indicate malicious activity. Some IDS systems also have the ability to look for patterns of network traffic that do not match any rule but still indicate malicious activity. IDS systems alert on these events but otherwise do not interfere with network traffic. Another type of system, the Intrusion Prevention System (IPS), uses the same rules or technologies to detect malicious activity but goes a step further by blocking the traffic before it can reach its destination.
Intrusion Detection Systems are an important part of a defense-in-depth strategy. IDS systems can detect attacks directed against your systems and allow additional controls to be put in place to mitigate the attack. If the IDS is behind, or part of, the firewall, it can alert you when malicious traffic gets past the firewall. IPS systems take this further: they can take some of the work off the firewall, or block attacks the firewall did not.
Organizations are expected to have a comprehensive IDS/IPS deployment protecting the perimeter of the network. Some organizations also look for IDS/IPS to be in place to protect high-value assets on internal networks. These IDS/IPS devices should be placed on network boundaries between high-value networks and client system networks or external networks.
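The rule-matching and alert-versus-block distinction described above, as an added example that is not part of the original text: a minimal signature-based engine over constructed packet records, run once in IDS mode (alert only, every packet forwarded) and once in IPS mode (matching packets dropped). The rule names, the port-scan threshold and the sample traffic are all constructed for illustration.

```python
# Added example (not part of the original text): a minimal signature-based
# IDS/IPS engine over constructed packet records. A rule is a predicate on a
# packet; IDS mode only records alerts, IPS mode also drops matching packets.
# A per-source port counter flags a sweep that no single rule describes.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes

# Constructed rule set: name -> predicate that returns True on a match.
RULES = {
    "telnet-to-internal": lambda p: p.dport == 23 and p.dst.startswith("10."),
    "sqli-probe":         lambda p: b"' or 1=1" in p.payload.lower(),
}

# Hypothetical threshold for the rule-less heuristic: once a source has
# touched more than this many distinct destination ports, alert once.
SCAN_PORT_THRESHOLD = 5

def inspect(packets, prevent=False):
    """Return (alerts, forwarded). prevent=False is IDS behaviour (alert only);
    prevent=True is IPS behaviour (alert and drop the matching packet)."""
    alerts, forwarded = [], []
    ports_per_src = {}
    for p in packets:
        hits = [name for name, rule in RULES.items() if rule(p)]
        # Anomaly heuristic: distinct ports per source, independent of rules.
        seen = ports_per_src.setdefault(p.src, set())
        seen.add(p.dport)
        if len(seen) == SCAN_PORT_THRESHOLD + 1:
            hits.append("port-scan")
        for name in hits:
            alerts.append((name, p.src, p.dst, p.dport))
        if hits and prevent:
            continue            # IPS: block before it reaches its destination
        forwarded.append(p)     # IDS: alert, but never interfere
    return alerts, forwarded

# Constructed sample traffic: two rule matches plus a six-port sweep.
SAMPLE = [Packet("198.51.100.7", "10.0.0.5", 23, b""),
          Packet("198.51.100.7", "10.0.0.8", 80, b"GET /?id=1' OR 1=1-- "),
          Packet("203.0.113.9", "10.0.0.8", 443, b"")] + \
         [Packet("203.0.113.4", "10.0.0.5", port, b"") for port in (21, 22, 25, 80, 110, 143)]
```

Calling `inspect(SAMPLE)` yields three alerts with all nine packets forwarded, while `inspect(SAMPLE, prevent=True)` yields the same three alerts with only six packets forwarded.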
Single sign-on (SSO) allows a user to authenticate to one system and leverage that authentication to use a different system. There are many different technologies that can be used to connect the systems for authentication purposes. These include SAML, OAuth, and OpenID.
Single sign-on gives more control back to the organization by allowing it to control the accounts. This control includes deciding who has access, setting password and other authentication policies, and ensuring that access is removed when the employee leaves the organization. SSO also reduces the number of passwords that users have to remember, and so decreases the chance that these additional passwords are stored insecurely, or that the same password is reused in an external system where it may be compromised.
Organizations want to be able to authenticate against their internal authentication system. They want a standards-based authentication mechanism, which may include SAML, OpenID, OAuth, OAuth2, or other such open mechanisms. Companies want to be assured that the method is secure and that it does not require development and support on their end. There will always be an element of support, but it is minimized by using standard authentication mechanisms.