See how AnchorPoint’s Integrated Threat Response (ITR) makes host intrusion detection easy.
For detailed information about what is happening on your critical systems, nothing beats a Host Intrusion Detection System (HIDS).
With AnchorPoint’s ITR, the host IDS picks up where the network IDS leaves off, monitoring individual hosts and analyzing data such as operating system log files, changes to system files and software, and network connections made by the host.
With host intrusion detection, you gain granular visibility into the systems and services you’re running so you can easily detect:
The HIDS agent deployed as part of AnchorPoint’s ITR service looks for suspicious or malicious activity on individual hosts. It analyzes operating system log files, looking for changes to system files and software, as well as network connections made by the host.
The host intrusion detection system (HIDS) component in ITR is simple to set up:
The AnchorPoint HIDS runs on most major operating systems, allowing you to deploy one tool across your heterogeneous environment. Supported OS include:
With ITR, the host intrusion detection system comes integrated out of the box with a host of additional security tools. AnchorPoint’s ITR service delivers a complete view into the security of your environment by combining SIEM with automated asset discovery, vulnerability data, visibility into netflow data, network IDS, host IDS and visibility into known malicious hosts.
When an attacker or malware changes the attributes of a file, as in a CryptoLocker-style ransomware attack, the HIDS agent within the AnchorPoint ITR deployment can quickly detect the change and our Security Operations Center (SOC) can alert you. With ITR’s built-in threat signatures and correlation directives, our SOC analysts can then respond intelligently to attacks in little time.
ITR’s host intrusion detection technology protects the data collected by the HIDS agents by utilizing a client/server architecture. Because an attack could compromise the HIDS agent at the same time it compromises the OS, it’s essential to store the forensic and security data centrally, away from the host. This safeguard prevents the data from being altered or obfuscated to avoid detection.
With the core data sources already built in, our 2000+ event correlation rules are already fine-tuned and optimized at the time of deployment.
If you’re still trying to meet PCI DSS requirements for log inspection and monitoring (section 10) or File Integrity Monitoring (sections 10 and 11), AnchorPoint HIDS is for you. You can deploy lightweight HIDS agents on your critical systems, and our Security Operations Center (SOC) will correlate suspicious and malicious activity and combine that analysis with data from the other included security controls.
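The file-change detection that the ransomware paragraph and the File Integrity Monitoring paragraph above rely on works by recording a baseline of each file's hash and attributes and periodically comparing the live filesystem against it. The following is an added illustration of that mechanism, written for this page; it is not AnchorPoint's agent code and assumes nothing about how ITR stores or formats its data. It baselines a constructed temporary directory, simulates the kind of bulk overwrite-and-rename a ransomware sample performs, reports added, removed and modified files, and raises a separate alert when a large share of the baselined files changed at once. The `threshold` value and the `.locked` extension are illustrative choices, not anything the page states.

```python
"""Minimal file-integrity baseline/compare, in the spirit of HIDS file-change
detection. Added example for illustration; not AnchorPoint/ITR code."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def file_record(path: Path) -> dict:
    """Attributes a FIM agent typically tracks for one file: content hash,
    size and permission bits (the metadata a ransomware run tends to change)."""
    st = path.lstat()
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "mode": stat.S_IMODE(st.st_mode),
    }


def build_baseline(root: Path) -> dict:
    """Map each regular file (relative path) under root to its record."""
    return {
        str(p.relative_to(root)): file_record(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict, current: dict) -> dict:
    """Diff two baselines; 'modified' lists which attributes changed."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for name in sorted(set(baseline) & set(current)):
        diffs = {
            key: (baseline[name][key], current[name][key])
            for key in ("sha256", "size", "mode")
            if baseline[name][key] != current[name][key]
        }
        if diffs:
            modified[name] = diffs
    return {"added": added, "removed": removed, "modified": modified}


def mass_change_alert(report: dict, baseline_count: int, threshold: float = 0.5) -> bool:
    """Flag when a large fraction of baselined files was modified or removed in
    one interval; threshold is an illustrative assumption, not a vendor value."""
    if baseline_count == 0:
        return False
    changed = len(report["modified"]) + len(report["removed"])
    return changed / baseline_count >= threshold


def demo() -> tuple:
    """Run the whole flow on a constructed temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample data: four small documents.
        for i in range(4):
            (root / f"doc{i}.txt").write_text(f"document {i}\n")
        baseline = build_baseline(root)

        # Simulated ransomware-like activity (constructed, not a real sample):
        # overwrite three files with random bytes and rename them.
        for i in range(3):
            victim = root / f"doc{i}.txt"
            victim.write_bytes(os.urandom(32))
            victim.rename(root / f"doc{i}.txt.locked")
        # One file only has its permission bits changed.
        (root / "doc3.txt").chmod(0o400)

        report = compare(baseline, build_baseline(root))
        return report, mass_change_alert(report, len(baseline))


if __name__ == "__main__":
    result, alert = demo()
    print(result)
    print("mass-change alert:", alert)
```

In a real deployment the baseline produced by `build_baseline` would be serialized and shipped off the host as soon as it is taken, which is the point the client/server paragraph above makes: if the baseline lives only on the monitored machine, whoever compromises the machine can rewrite it and the comparison becomes meaningless.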
All you need to know about an incident is captured in each alarm, including asset information (such as OS, software, and identity), vulnerability data, visibility to netflow data, raw log data, and more.
Any packet that triggers an IDS signature is automatically captured and displayed with the IDS event. Session monitoring and packet capture can then be invoked for more extensive forensic investigation.