Host Intrusion Prevention



Host-Based Intrusion Prevention System (HIPS)


Host IPS for EndPoint Devices


'EndPoint' covers desktops, laptops, servers, storage appliances and smartphones, both on and off the corporate network.

'HIPS' generally combines several technologies: signature-based anti-virus / anti-spyware / anti-malware, sandboxing and host firewalls, through to behaviour analysis.




Provides protection against malware, advanced attacks and zero-day threats. High-enforcement mode is recommended for servers, point-of-sale and fixed-function devices, as well as high-risk desktop and laptop devices that hold sensitive information.



Detect

Process / Application Behaviour Monitoring

> Detects unidentified viruses and suspicious behaviour.

> Analyses the behaviour of the programs / applications running on the system.

> Detects and blocks activity which appears to be malicious; malicious programs are blocked before execution.

> Detects buffer overflow attacks.

> Registry Monitor: suspicious behaviour may include changes to the registry that could allow a virus to run automatically when the computer is restarted.

> Blocks, controls and filters malicious content from websites.

> Action policies can be set to 'alert' or 'block'.


Protect

Sandboxing

A sandbox is an isolated operating environment for unknown and untrusted applications. Running an application in the sandbox means that it cannot make permanent changes to other processes, programs or data on your 'real' system.

Sandbox functionality supports other integrated firewall and anti-virus features on the host system.




Application Whitelisting


Whitelisting prevents every program from running other than the ones explicitly specified.

Unknown programs or applications can be submitted to the global SOC team, who check them against their database or test them for verification.

Default-Deny: a policy-driven approach to whitelisting that allows only software you trust to run and treats everything else as suspicious. To minimise end-user impact, there are three levels of "Default-Deny" protection:

Low enforcement: Records all device activity but allows all programs to run uninterrupted by default, unless explicitly banned by IT. IT can set up alerts to be notified of suspicious activity.

Medium enforcement: End-user approval is required before any unauthorised application can run. User-driven approvals are limited to only that end-user’s machine. All device activity is recorded and logged for IT.

High enforcement: Allows only software IT has approved as trusted to run, all other software requires explicit approval. All device activity is recorded and logged for IT.
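The three enforcement levels above, modelled as a small default-deny decision function. This is an added illustration, not any vendor's engine: the level names and rules follow the text, while the hash values, hostnames, record format and function names are assumptions.

```python
"""Default-deny application control: decide whether an execution attempt is
allowed, blocked or needs end-user approval, per enforcement level."""
from dataclasses import dataclass, field
from enum import Enum


class Enforcement(Enum):
    LOW = "low"        # record everything, allow unless IT banned it
    MEDIUM = "medium"  # unknown software needs end-user approval (per machine)
    HIGH = "high"      # only IT-approved software runs


@dataclass
class Policy:
    enforcement: Enforcement
    it_trusted: set = field(default_factory=set)   # file hashes approved by IT
    it_banned: set = field(default_factory=set)    # file hashes explicitly banned
    # medium enforcement: approvals are scoped to one end-user's machine
    user_approved: dict = field(default_factory=dict)  # host -> set of hashes
    audit_log: list = field(default_factory=list)      # every level records activity

    def decide(self, host: str, file_hash: str, user_approves: bool = False) -> str:
        """Return 'allow', 'block' or 'prompt' for one execution attempt."""
        if file_hash in self.it_banned:
            action = "block"                       # an IT ban wins at every level
        elif file_hash in self.it_trusted:
            action = "allow"
        elif self.enforcement is Enforcement.LOW:
            action = "allow"                       # runs, but is logged for IT
        elif self.enforcement is Enforcement.MEDIUM:
            approved_here = self.user_approved.setdefault(host, set())
            if file_hash in approved_here:
                action = "allow"
            elif user_approves:
                approved_here.add(file_hash)       # only this machine learns it
                action = "allow"
            else:
                action = "prompt"                  # ask the end-user first
        else:                                      # HIGH: await explicit IT approval
            action = "block"
        self.audit_log.append((host, file_hash, self.enforcement.value, action))
        return action


# Constructed sample data (placeholders, not real file hashes).
TRUSTED = {"sha256:aaaa"}
BANNED = {"sha256:bbbb"}
UNKNOWN = "sha256:cccc"
```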




Host Firewall

The firewall places a barrier between the computer and external systems. All traffic entering, and in some configurations leaving, the computer must pass through the host firewall before it is fully processed. Necessary ports are left open and unused ports are closed, removing the risk of infection through unnecessary open ports.




Intrusion Prevention Solution Platforms


- Windows, Linux and Mac, virtualised platforms

- Software

- Cloud-based service

- Hybrid of host software and cloud service



(The cloud-based and hybrid options move file processing to the cloud to avoid degrading host performance.)







Contact us today to discuss your requirements in more detail.



P: +44(0)7714 209927

S: +44(0)1273 329753

info@securenetconsulting.co.uk