HIDS Explained

platiumsecnet edited this page Feb 5, 2020 · 1 revision

1. Definition

Host-based intrusion detection systems (HIDS) work by monitoring activity occurring internally on an endpoint host. HIDS agents (and related host-resident tools such as antivirus software, spyware-detection software, and host firewalls) are typically installed on every internet-connected computer within a network, or on a subset of important systems such as servers. This includes hosts running in public cloud environments.

HIDS look for unusual or malicious activity by examining logs created by the operating system, watching for changes to key system files, tracking installed software, and sometimes examining the network connections a host makes.

The first HIDS were basic, usually just computing MD5 hashes of files on a recurring basis and looking for discrepancies, a process dubbed file integrity monitoring (FIM). (MD5 is no longer a sound choice for this, since collisions are practical; current tools use SHA-256 or similar.) Since then, HIDS have grown far more complex, perform a variety of useful security functions, and will continue to grow. This now includes Endpoint Detection and Response (EDR) capabilities.
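The hash-and-compare FIM loop described above, as an added example that is not code from this wiki or from any HIDS product. It builds a baseline of SHA-256 digests (plus size and mode) for a directory tree, saves it as JSON, re-scans later, and reports files that were added, removed or modified. The directory layout, file contents and the "tampering" in `demo()` are constructed for illustration.

```python
"""Minimal polling file integrity monitor (FIM), the core of early HIDS.

Added example, not code from this page or from OSSEC/Samhain.
SHA-256 replaces the MD5 used by the first tools: MD5 collisions are
practical, so an attacker could swap in a file with the same MD5 digest.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """Return the hex SHA-256 digest of a file, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map each regular file under root (POSIX relative path) to digest + metadata."""
    root = Path(root)
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            # Skip symlinks: a planted link could point the scanner outside root.
            if p.is_symlink() or not p.is_file():
                continue
            st = p.stat()
            baseline[p.relative_to(root).as_posix()] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mode": st.st_mode & 0o7777,  # permission bits; a chmod is a change too
            }
    return baseline


def compare(baseline, current):
    """Return sorted lists of added / removed / modified relative paths."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def save_baseline(baseline, path):
    """Persist the baseline; in practice store it off-host or signed."""
    Path(path).write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(path):
    return json.loads(Path(path).read_text())


def demo():
    """Constructed scenario: baseline a small tree, tamper with it, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF original ls")  # constructed stand-in

        save_baseline(build_baseline(root), root / "baseline.json")
        baseline = load_baseline(root / "baseline.json")
        (root / "baseline.json").unlink()  # not part of the monitored tree

        # Simulated tampering: trojaned binary, extra uid-0 user, deleted file,
        # dropped preload file (a classic user-land rootkit persistence spot).
        (root / "bin" / "ls").write_bytes(b"\x7fELF trojaned ls")
        (root / "etc" / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/bash\nbackdoor:x:0:0::/:/bin/sh\n")
        (root / "etc" / "hosts").unlink()
        (root / "etc" / "ld.so.preload").write_text("/tmp/rootkit.so\n")

        return compare(baseline, build_baseline(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Two caveats a practitioner would add: the baseline itself must live where an attacker with root cannot rewrite it (off-host, or signed), and a polling scan only catches changes that persist between runs; modern agents supplement it with real-time sources such as inotify or auditd.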

If your organization has a compliance mandate, such as PCI DSS, HIPAA, or ISO 27001, you may need a HIDS to demonstrate file integrity monitoring (FIM) as well as active threat monitoring.

2. Open-source HIDS

2.1. OSSEC

2.2. Samhain Labs

3. HIDS Trends & Predictions
