Overview
Monitor hosts within your network for evidence of suspicious threat activity
With cyber threats now more pervasive than ever, having the capability to detect attacks that bypass perimeter security is essential. Host-based intrusion detection systems (HIDS) help organisations to identify threats inside the network perimeter by monitoring host devices for malicious activity that, if left undetected, could lead to serious breaches.
Definition
What is HIDS?
Host-based intrusion detection systems help organisations to monitor processes and applications running on devices such as servers and workstations. HIDS tracks changes made to registry settings and critical system configuration, log and content files, alerting to any unauthorised or anomalous activity.
HIDS technologies are ‘passive’ in nature, meaning their purpose is to identify suspicious activity, not prevent it. For this reason, HIDS solutions are often used in conjunction with intrusion prevention systems (IPS), which are ‘active’.
For organisations that want to achieve deeper security visibility, host-based intrusion detection systems are commonly deployed alongside network-based intrusion detection systems (NIDS) and SIEM solutions, which aggregate and analyse security events from multiple sources.
Info
How does HIDS work?
To detect threats, host-based intrusion detection systems require sensors, known as ‘HIDS agents’, to be installed on each asset to be monitored.
A HIDS uses a combination of signature-based and anomaly-based detection methods. Signature-based detection compares files and events against a database of signatures known to be malicious. Anomaly-based detection compares events against a baseline of ‘typical’ system behaviour and flags deviations from it.
Host-based intrusion detection systems can identify a wide range of threats, including:
- Unauthorised login and access attempts
- Privilege escalation
- Modification of application binaries, data and configuration files
- Installation of unwanted applications
- Rogue processes
- Critical services that have been stopped or failed to run
FIM
File integrity monitoring
File integrity monitoring (FIM) is an important feature of host-based intrusion detection technologies. FIM tracks access and modifications made to important files, creating an audit trail that can be used to validate the integrity of systems and data.
FIM is a requirement of regulations and standards such as the PCI DSS, which requires organisations that process card payments to track and monitor access to network resources and cardholder data.
Managed Detection and Response
Why choose a Managed Detection and Response service?
While host-based intrusion detection is undoubtedly an effective way to detect attacks targeting host devices, maximising its potential requires a significant amount of time and effort.
If not properly tuned and maintained, host-based intrusion detection systems can generate hundreds of alerts a day. Security monitoring is a 24/7 task, but with many organisations lacking the resources to analyse and investigate every notification, alert fatigue can quickly set in, which can lead to important security incidents being missed or overlooked.
A Managed Detection and Response service helps to overcome these and other security challenges. It achieves this by supplying experienced security experts to deploy, configure and monitor intrusion detection systems, providing the security outcomes you need and freeing up in-house teams to focus on other important tasks.
About us
Why choose Kroll?
- A leading global MDR company
- Red and blue team CREST CSOC expertise
- High-quality intelligence and actionable outcomes
- Quick and hassle-free service deployment
- An agnostic approach to technology selection
- Avg. 9/10 customer satisfaction, 95% retention rate