Xcitium Intrusion Prevention System

Host Intrusion Prevention System (HIPS) proactively identifies and prevents malicious network intrusions.


Advanced Endpoint Protection with Intrusion Detection System

The purpose of an intrusion detection system (IDS) is to monitor systems and/or networks for malicious activity and/or violations of defined policies. An IDS can be a hardware appliance or a software application. A security information and event management (SIEM) system typically collects the IDS's alerts and notifies the administrator so that appropriate action can be taken.

Robust cyber security solutions such as Xcitium Advanced Endpoint Protection (AEP) provide a Host Intrusion Prevention System alongside other features such as antivirus, firewall, and auto-containment.


Xcitium Host Intrusion Prevention System (HIPS)

The Xcitium Host Intrusion Prevention System (HIPS) is an intrusion detection system that proactively identifies and blocks malicious network intrusions. A HIPS monitors all the traffic in a network to detect threats that an antivirus or firewall cannot. Xcitium AEP employs HIPS as part of its layered defense strategy.

Signature Method

In this method, HIPS compares real-time data flow patterns with known attack patterns. The intrusion detection system performs full real-time packet capture and scans each packet for known malicious patterns that signify a possible attack. Repeated login failures, emails from known malicious sources, and system port scans are examples of the patterns the signature method detects.

Profile/Baseline Method

In this method, HIPS first records the data stream of a system in a controlled network environment. That controlled data flow pattern is from then onwards used as a baseline against which the traffic patterns of other systems are compared. Suspicious real-time data patterns immediately trigger preventative actions. Xcitium also employs artificial intelligence for enhanced detection and fewer false alarms. Xcitium HIPS is effective against advanced persistent threats.

A typical example of detection is activity on ports that were never accessed in the controlled network environment.

Stateful Protocol Method

In networking, data packets are wrapped in the header of the protocol they travel over. The header fields differ according to each networking model. In Xcitium AEP, the protocols follow the standards specified in the Request for Comments (RFC) documents that define protocol implementation.

In this method, each header assembly is examined for inconsistencies with the RFC-defined profiles. A true deviation from an RFC profile is flagged as malicious. HIPS also maintains data on common real-world implementations so as to avoid false detections. True deviations trigger alerts to users and administrators.

A typical suspicious detection is a TCP header with the rarely used URG (urgent) flag set.

Xcitium AEP incorporates the signature, baseline, and stateful inspection methods in its HIPS intrusion detection system. Deviations are observed in ports, bandwidth, and protocol usage. Detection of an abnormal state (an intrusion) triggers a predetermined set of actions that alerts administrators and prevents compromise of the endpoint.
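The following is an added example, not Xcitium's code, showing how the three methods described above can be applied to the same stream of host events. It uses a constructed set of connection records (addresses, ports, TCP flags and login results are all made up), learns a port baseline from a "controlled environment" capture, and then runs the signature, baseline and stateful protocol checks over live events. The URG check is the page's own example; the SYN+FIN check is an additional case that goes beyond the page (that flag combination never occurs in a valid TCP handshake).

```python
# Added example (not Xcitium's code): a toy host IDS that applies the three
# detection methods described above to constructed connection events.
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One observed connection attempt on the monitored host (constructed)."""
    src: str                            # source address
    dst_port: int                       # destination port on the host
    proto: str                          # "tcp" or "udp"
    tcp_flags: frozenset = frozenset()  # TCP header flags, e.g. {"SYN"}
    login_failed: bool = False          # application-level login failure


# Constructed traffic captured while baselining in the controlled environment:
# only SSH, HTTP and HTTPS were ever used.
BASELINE_EVENTS = [
    Event("10.0.0.2", 22, "tcp", frozenset({"SYN"})),
    Event("10.0.0.3", 80, "tcp", frozenset({"SYN"})),
    Event("10.0.0.3", 443, "tcp", frozenset({"SYN"})),
]

# Constructed live traffic to evaluate.
LIVE_EVENTS = [
    Event("10.0.0.5", 22, "tcp", frozenset({"SYN"}), login_failed=True),
    Event("10.0.0.5", 22, "tcp", frozenset({"SYN"}), login_failed=True),
    Event("10.0.0.5", 22, "tcp", frozenset({"SYN"}), login_failed=True),
    Event("10.0.0.7", 443, "tcp", frozenset({"SYN"})),
    Event("10.0.0.9", 3389, "tcp", frozenset({"SYN"})),       # never baselined
    Event("10.0.0.11", 80, "tcp", frozenset({"ACK", "URG"})),  # URG flag set
    Event("10.0.0.12", 53, "udp"),                             # never baselined
]


def signature_check(events, max_failures=3):
    """Signature method: a known attack pattern, here N or more failed logins
    from a single source.  Returns the offending sources, sorted."""
    failures = Counter(e.src for e in events if e.login_failed)
    return sorted(src for src, n in failures.items() if n >= max_failures)


def build_baseline(events):
    """Profile/baseline method, learning phase: the (proto, port) pairs seen in
    the controlled environment become the normal profile."""
    return {(e.proto, e.dst_port) for e in events}


def baseline_check(baseline, events):
    """Profile/baseline method, detection phase: flag activity on any
    (proto, port) pair that was never used during baselining."""
    return sorted({(e.proto, e.dst_port) for e in events
                   if (e.proto, e.dst_port) not in baseline})


def stateful_protocol_check(events):
    """Stateful protocol method: inspect TCP header flags against what the
    protocol specification allows.  The URG check is the page's example; the
    SYN+FIN check is an added case (that combination never occurs in a valid
    TCP handshake)."""
    alerts = []
    for e in events:
        if e.proto != "tcp":
            continue
        if "URG" in e.tcp_flags:
            alerts.append((e.src, e.dst_port, "URG flag set"))
        if {"SYN", "FIN"} <= e.tcp_flags:
            alerts.append((e.src, e.dst_port, "SYN+FIN combination"))
    return alerts


def run_all(baseline_events=BASELINE_EVENTS, live_events=LIVE_EVENTS):
    """Run every method and return the combined findings, the kind of record a
    SIEM would collect before alerting an administrator."""
    return {
        "signature": signature_check(live_events),
        "baseline": baseline_check(build_baseline(baseline_events), live_events),
        "protocol": stateful_protocol_check(live_events),
    }


if __name__ == "__main__":
    for method, findings in run_all().items():
        print(f"{method:>10}: {findings}")
```

Running the script reports the brute-forcing source under the signature method, the two never-baselined services under the baseline method, and the URG-flagged segment under the protocol method; the normal HTTPS connection produces nothing. Note that the baseline method is only as good as the controlled capture: a service that was simply idle during baselining will later be flagged, which is one reason the page pairs it with additional logic to reduce false alarms.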

The Xcitium AEP HIPS intrusion detection system is an important security layer in the multi-layered protection mechanism that includes antivirus protection, Auto-Containment™, and firewall. The intrusion detection system provides protection against rootkits, keyloggers, and inter-process memory injections.
