Host Intrusion Prevention
There is a whole host of host intrusion prevention (HIPS) systems in the market place. Historically a separate technology from antivirus/antimalware software, some specific features of host intrusion prevention which are known to create a low amount of false positives (false alerts) on systems with changeable configurations such as user endpoints, are now being integrated into antivirus products to help provide increased levels of behavioural based protection above that purely of antivirus signatures, although, signatures based detection is also used in host intrusion prevention for a different reason.
Whether this technology is present in your antivirus solution, or implemented as a separate product, host intrusion prevention can when used correctly, add additional levels of protection for systems of all type, from common endpoint devices such as a standard user workstations or laptop, through to high-transaction web facing servers where the risk of compromise is high. Host intrusion prevention can have a place on a range of these devices, and the security architects at JAW Consulting UK have the expertise to understand where the use of this technology can provide increased levels of protection.
It may be that the use of host intrusion prevention can provide quick reactive protection against a new high severity software vulnerability on user endpoints, providing a ‘virtual patch’ , until an update for the software can be provided in-line with your organisations patch management strategy. Or perhaps, a high risk web server with a configuration that changes infrequently with pre-tuned predictable behaviours can be locked down with an extremely strict policy to guard against unauthorised access and file changes.
At JAW Consulting UK, our architects have the expertise on product selection, design, deployment, including signature tuning and reporting and alerts configuration, to make sure your organisation makes the most of this technology. We have experience across a number of vendor solutions and tools from McAfee Host Intrusion Prevention, Symantec Endpoint Protection, IBM ISS Real Secure Server Sensor and others.
