Host Intrusion Detection & Prevention
No security infrastructure that relies on a single prevention mechanism is complete. Some types of activity can only be detected reliably at the host level. A clever attacker can use tools to take control of a legitimate system and use it as a source of attacks, further hiding the activity by using only encrypted network protocols such as SSL, which prevents network-based IDS/IPS from detecting it. Malicious activity contained within encrypted network protocols cannot be detected by a Network Intrusion Detection System (NIDS). Host Intrusion Prevention Services, or HIDS/HIPS, are therefore required to mitigate this vulnerability.

Host-based Intrusion Detection & Prevention resides on the host and monitors the device at the operating system and application levels. This is extremely desirable because applications and operating systems are the direct targets of malicious attacks. The host sensor uses a variety of techniques to detect attacks and misuse on a protected system. These techniques include analyzing the security event log, checking the integrity of critical system files, and checking the operating system kernel for compromises such as buffer overflows and denial of service. This hybrid analysis approach ensures that no misuse or attack goes undetected.

