Contact Us

Contact Us

Please get in touch using the form below

I prefer to be contacted by:
View our privacy policy
Book a CREST penetration test today. Get a quote.

Overview

Monitor hosts within your network for evidence of suspicious threat activity

With cyber threats now more pervasive than ever, having the capability to detect attacks that bypass perimeter security is essential. Host-based intrusion detection systems (HIDS) help organisations to identify threats inside the network perimeter by monitoring host devices for malicious activity that, if left undetected, could lead to serious breaches.

Definition

What is HIDS?

Host-based intrusion detection systems help organisations to monitor processes and applications running on devices such as servers and workstations. HIDS tracks changes made to registry settings and critical system configuration, log and content files, alerting to any unauthorised or anomalous activity.

HIDS technologies are ‘passive’ in nature, meaning their purpose is to identify suspicious activity, not prevent it. For this reason, HIDS solutions are often used in conjunction with intrusion prevention systems (IPS), which are ‘active’.

For organisations that want to achieve deeper security visibility, host-based intrusion detection systems are commonly deployed alongside network-based intrusion detection systems (NIDS) and SIEM solutions, which aggregate and analyse security events from multiple sources.

Info

How does HIDS work?

To detect threats, host-based intrusion detection systems require sensors known as ‘HIDS agents’, to be installed on monitorable assets.

A HIDS system utilises a combination of signature-based and anomaly-based detection methods. Signature-based detection compares files against a database of signatures that are known to be malicious. Anomaly-based detection analyses events against a baseline of ‘typical’ system behaviour.

Host-based intrusion detection systems can identify a wide range of threats, including:

  • Unauthorised login and access attempts
  • Privilege escalation
  • Modification of application binaries, data and configuration files
  • Installation of unwanted applications
  • Rogue processes
  • Critical services that have been stopped or failed to run

FIM

File integrity monitoring

File integrity monitoring (FIM) is an important feature of host-based intrusion detection technologies. FIM tracks access and modifications made to important files, creating an audit trail that can be used to validate the integrity of systems and data.

FIM is a requirement of regulations and standards such as the PCI DSS, which requires organisations that process card payments to track and monitor access to network resources and cardholder data.

A person choosing from a range of Managed Security Services

Managed IDS

Why choose a managed IDS security service?

While host-based intrusion detection is undoubtedly an effective way to detect attacks targeting host devices, maximising its potential requires a significant amount of time and effort.

If not properly maintained, host-based intrusion detection systems have the potential to generate hundreds of daily alerts. IDS security monitoring is a 24/7 task but with many organisations lacking the resources to analyse and investigate every notification, alert fatigue can quickly set in, which can lead to important security incidents being missed or overlooked.

A Managed IDS service helps to overcome these and other security challenges. It achieves this by supplying experienced security experts to deploy, configure and monitor intrusion detection systems and freeing up in-house teams to focus on other important tasks.

About us

Why choose Redscan?

  • A leading UK-based MDR company
  • Red and blue team CREST CSOC expertise
  • High-quality intelligence and actionable outcomes
  • Quick and hassle-free service deployment
  • An agnostic approach to technology selection
  • Avg. >9/10 customer satisfaction, 95% retention rate

Get in touch

Complete the form for a prompt response from our team.

I prefer to be contacted by:
View our privacy policy

Resources

Discover our latest content and resources

From the blog
From the blog Case studies Latest news
13th January 2021
Hackers leak COVID-19 vaccine data
Hackers have leaked the information they stole about the COVID-19 vaccines as part of the cyber-attack targeting the European Medicines Agency which was disclosed in December 2020.
12th January 2021
Redscan CTO comments on changes to NIS Directive
Redscan's CTO was recently featured in an article on the changes the EU is planning to make to the NIS Directive. Read the article
4th January 2021
Adobe ends support for Flash Player
Adobe has ended support for Flash Player, long recognised as a significant security risk due to its high volume of critical flaws, creating the need for frequent security vulnerability patching. However, as the software still has the potential to be targeted by cyber criminals, companies must ensure they fully remove it from their systems.