Contact Us

Contact Us

Please get in touch using the form below

1000 characters left
View our privacy policy

Overview

Monitor hosts within your network for evidence of suspicious threat activity

With cyber threats now more pervasive than ever, having the capability to detect attacks that bypass perimeter security is essential. Host-based intrusion detection systems (HIDS) help organisations to identify threats inside the network perimeter by monitoring host devices for malicious activity that, if left undetected, could lead to serious breaches.

Definition

What is HIDS?

Host-based intrusion detection systems help organisations to monitor processes and applications running on devices such as servers and workstations. HIDS tracks changes made to registry settings and critical system configuration, log and content files, alerting to any unauthorised or anomalous activity.

HIDS technologies are ‘passive’ in nature, meaning their purpose is to identify suspicious activity, not prevent it. For this reason, HIDS solutions are often used in conjunction with intrusion prevention systems (IPS), which are ‘active’.

For organisations that want to achieve deeper security visibility, host-based intrusion detection systems are commonly deployed alongside network-based intrusion detection systems (NIDS) and SIEM solutions, which aggregate and analyse security events from multiple sources.

Info

How does HIDS work?

To detect threats, host-based intrusion detection systems require sensors known as ‘HIDS agents’, to be installed on monitorable assets.

A HIDS system utilises a combination of signature-based and anomaly-based detection methods. Signature-based detection compares files against a database of signatures that are known to be malicious. Anomaly-based detection analyses events against a baseline of ‘typical’ system behaviour.

Host-based intrusion detection systems can identify a wide range of threats, including:

  • Unauthorised login and access attempts
  • Privilege escalation
  • Modification of application binaries, data and configuration files
  • Installation of unwanted applications
  • Rogue processes
  • Critical services that have been stopped or failed to run

What our customers say

4.8/5 - based on 53 Reviews
“Redscan’s security experts work hand in hand with our in-house team, providing us with the insights we need to identify and eliminate threats across our environment 24/7.
IT Security & Infrastructure Director
“Thanks to Redscan, we’re in an infinitely better place now. We have got more visibility than we ever had, and critically, in all the right places. I can now sleep easy knowing that Redscan’s expertise is protecting our business.”
Head of Technology & Cybersecurity
Housebuilding Company
“With so much organisational change, this is a time of incredible pressure on our small team. Partnering with Redscan is making it easier for us to address the security challenges of business consolidation.”
Head of IT Security
Global Plastics Manufacturer
“Redscan staff are always on hand to provide swift, clear advice. They help us keep a constant eye on our network and respond quickly to incidents to ensure systems remain operational.”
IT Director
Private Hospital
“I can offer a higher level of assurance at board level about our information security now. Redscan gives us a broader lens on a complex and changing environment.”
IT Director
Global Asset Manager
“We now know we’ve got eyes on our critical assets and that those events are being looked at, scrutinised, triaged and qualified as legitimate or false positives. That is night and day in contrast with where we were before our relationship with Redscan.”
Head of Technology & Cybersecurity
Housebuilding Company
"Redscan's cost effective service gives us peace of mind that we are doing all we can to protect our clients, our business, our staff, our counterparties and other partners."
Head of IT Infrastructure
Asset Management Firm
“Faster incident alerting enables us to better understand what is going on in our network and react more quickly. From an advice side of things, it’s great to be able to talk to knowledgeable people and discuss solutions to help mitigate our security risks.”
Head of IT Security
Global Plastics Manufacturer
“With Redscan, we are able to understand and quickly identify any threats. Redscan’s support gives us the freedom to feel more secure and be more productive.”  
Head of IT
Global Shipping Company
“By working in partnership with Redscan, we have significantly improved our operational resilience.”  
Head of Cyber Security
Specialist bank
“Thanks to Redscan we now have a solution that gives us the ability to monitor, isolate and eliminate threats across our IT infrastructure.”
Head of IT
Private Hospital
“The personal approach is something I noticed from my first engagement with Redscan and it is still true today. We have 30 locations worldwide and it is valuable to have a third party being proactive in identifying potential security issues.”
Head of IT
Global Shipping Company
“Services like these are few and far between.”
Head of IT Infrastructure
Asset Management Firm
“I value the fact that Redscan aggregates insight about the cyber-attacks it sees on other customers and retrospectively applies it to other organisations, so we all benefit from that knowledge.”  
Head of Cyber Security
Specialist bank
"Our partnership with Redscan has been one of the most successful that we have ever undertaken"
IT Director
Global Asset Manager

FIM

File integrity monitoring

File integrity monitoring (FIM) is an important feature of host-based intrusion detection technologies. FIM tracks access and modifications made to important files, creating an audit trail that can be used to validate the integrity of systems and data.

FIM is a requirement of regulations and standards such as the PCI DSS, which requires organisations that process card payments to track and monitor access to network resources and cardholder data.

A person choosing from a range of Managed Security Services

Managed Detection and Response

Why choose a Managed Detection and Response service?

While host-based intrusion detection is undoubtedly an effective way to detect attacks targeting host devices, maximising its potential requires a significant amount of time and effort.

If not properly maintained, host-based intrusion detection systems have the potential to generate hundreds of daily alerts. Security monitoring is a 24/7 task but with many organisations lacking the resources to analyse and investigate every notification, alert fatigue can quickly set in, which can lead to important security incidents being missed or overlooked.

A Managed Detection and Response service helps to overcome these and other security challenges. It achieves this by supplying experienced security experts to deploy, configure and monitor intrusion detection systems, providing the security outcomes you need and freeing up in-house teams to focus on other important tasks.

About us

Why choose Kroll?

  • A leading global MDR company
  • Red and blue team CREST CSOC expertise
  • High-quality intelligence and actionable outcomes
  • Quick and hassle-free service deployment
  • An agnostic approach to technology selection
  • Avg. 9/10 customer satisfaction, 95% retention rate

Get in touch

Complete the form for a prompt response from our team.

Two Redscan team members analysing cyber security intelligence

1000 characters left
View our privacy policy

Resources

Discover our latest content and resources

From the blog
From the blog Case studies Latest news
25th March 2024
UK government finds 75% of UK businesses experienced a cyber incident in 2023
According to new figures published by the UK government, no less than three-quarters of UK businesses and 79% of charities experienced a cybersecurity incident in the past 12 months, with only limited improvements in organisations’ cybersecurity posture between 2022 and 2023.
18th March 2024
Prioritise the security of perimeter products, says NCSC
Securing perimeter products must be a priority for organisations as threat actors are increasingly targeting insecure self-hosted products at the corporate network perimeter, according to the UK's National Cyber Security Centre (NCSC).
4th March 2024
Insider threats an increasing concern for UK companies
More than half of UK business decision-makers surveyed for a new study stated that they were concerned about the likelihood of their employees being approached by cybercriminals, leading to a rise in insider threats.    
26th February 2024
78% of organisations hit by repeat ransomware attacks after paying
A new report shows that almost four in five organisations that paid a ransom demand were hit by a second ransomware attack, often by the same threat actor. Almost two-thirds (63%) of those organizations were asked to pay more the second time.