Host IDS versus Network IDS

In general, the advantage of implementing a host intrusion detection
system outweigh those of a network intrusion detection system, especially
when it comes to dealing with encrypted transmissions. This is
primarily because encryption protocols are more easily handled when
dealing with either SSL or VPN connections through the firewall.

HIDS can look at the data transmission after it is deciphered. NIDS
cannot, because the IDS agent itself sits on the component. This means
that the encrypted data channel is sent right along through the network
without having first been checked for attack patterns.