In this paper early detection of distributed attacks are discussed that are launched from multiple sites of the hybrid & public cloud networks. A prototype of Cloud Distributed Intrusion Detection System (CDIDS) is discussed with some basic experiments. The summation of security alerts has been applied which helps to detect distributed attacks while keeping the false positive at the minimum. Using the summation of security alerts mechanism the attacks that have slow iteration rate are detected at an early stage. The objective of our work is to propose a Security Management System (SMS) that can detect malicious activities as early as possible and camouflaging of attacks under the conditions when other security management systems become unstable due to intense events of attacks.