Host-based intrusion detection is built into AlienVault Unified Security Management

Host-based Intrusion Detection System

Protect your critical systems with built-in Host IDS in AlienVault Unified Security Management (USM).


Trusted by thousands of customers.


Monitor and Protect Your Critical Systems with Host-based IDS

A host-based intrusion detection system (HIDS) gives you deep visibility of what’s happening on your critical systems. With it, you can detect and respond to malicious or anomalous activities that are discovered in your environment.

On its own, host intrusion detection does not give you a complete picture of your security posture. You must be able to correlate your HIDS log data in a SIEM environment with other critical security data as well as the latest real-world threat intelligence.

AlienVault® Unified Security Management™ (USM™) eases security analysis and correlation by combining host-based IDS with other essential security capabilities in a single, unified security environment. With it, you can easily manage your network, cloud, and hybrid cloud security from a single pane of glass. In addition, continuous threat intelligence updates from AlienVault Labs are delivered to USM, backed by the AlienVault Open Threat Exchange™ (OTX™)—the world’s first open threat intelligence community.

Detect Changes & Threats to Critical Systems

  • Detect Unauthorized & Anomalous Activities
  • View Attempts to Gain System Access
  • Protect the Integrity of the Data Collected

Implement File Integrity Monitoring (FIM)

  • Know When and How Your Files Are Changed
  • Meet PCI Compliance Requirements & Others

Deploy Host IDS in a Unified Security Management Platform

  • Asset Discovery & Inventory
  • Vulnerability Assessment
  • SIEM & Log Management
  • Network IDS
  • Behavioral Monitoring

Receive the Latest Threat Intelligence from AlienVault Labs and OTX

  • AlienVault Labs Researches Threats for You
  • Threat Intelligence Continuously Delivered
  • Community-powered Threat Information via OTX

Detect Changes & Threats to Your Critical Systems

AlienVault USM’s built-in host-based intrusion detection system monitors your critical systems and alerts you to any unauthorized or anomalous activities that occur.

A lightweight agent runs on each monitored host, tracking any changes made to critical system files, configuration files, log files, registry settings, and even important content files. The HIDS agent collects this information and sends it to USM for evaluation and correlation with other environmental data and threat intelligence.

With USM’s host-based IDS, you gain granular visibility into the systems and services you’re running so you can easily detect:

  • System compromises
  • Privilege escalations
  • Unwanted applications
  • Modification of critical configuration files (e.g. registry settings, /etc/passwd)
  • Rootkits
  • Rogue processes
  • Critical services that have been stopped
  • User access to systems

Detect Unauthorized & Anomalous Activities

When malicious or anomalous activities occur on a system—such as brute force authentication-based attacks, rapid file changes, or a user logging into an unauthorized asset—HIDS detects the activities and sends them to USM for analysis. When an alarm is generated in USM, it captures all you need to know about the incident, including asset information (OS, software, and identity), vulnerability data, network communication, raw log data, and more.

View Failed Attempts to Gain System Access

Know which of your assets attackers are trying to infiltrate before they get in. USM’s HIDS generates events on failed authentication attempts against Windows, MySQL, remote access services, and SSH, as well as on SQL injection and XSS attempts and on repeated failed logins.
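The "repeated failed logins" event above is, at its core, a per-source count over a sliding time window. The following is an added illustration of that logic, not AlienVault's HIDS rules: it parses the standard sshd "Failed password" syslog line and raises one alert per source address once a threshold is reached inside the window. The log lines are constructed sample data, and the year is supplied by the caller because syslog timestamps omit it.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the sshd "Failed password" line as written to a Linux auth log (syslog format).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} \d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)

def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=2), year=2024):
    """One alert per source the first time it reaches `threshold` failures inside `window`."""
    recent = defaultdict(deque)  # src -> (timestamp, user) of failures still inside the window
    alerts, alerted = [], set()
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        # syslog lines carry no year; the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["src"]]
        q.append((ts, m["user"]))
        while ts - q[0][0] > window:
            q.popleft()  # drop failures that have aged out of the window
        if len(q) >= threshold and m["src"] not in alerted:
            alerted.add(m["src"])
            alerts.append({"src": m["src"], "count": len(q),
                           "users": sorted({u for _, u in q}), "last_seen": ts})
    return alerts

# Constructed sample: six failures from one address in 20 seconds, one stray failure elsewhere
SAMPLE_LOG = [
    "Mar 12 10:00:01 host1 sshd[2231]: Failed password for root from 203.0.113.7 port 51122 ssh2",
    "Mar 12 10:00:04 host1 sshd[2231]: Failed password for root from 203.0.113.7 port 51122 ssh2",
    "Mar 12 10:00:05 host1 sshd[2240]: Failed password for bob from 198.51.100.5 port 40010 ssh2",
    "Mar 12 10:00:07 host1 sshd[2233]: Failed password for invalid user admin from 203.0.113.7 port 51124 ssh2",
    "Mar 12 10:00:10 host1 sshd[2233]: Failed password for invalid user admin from 203.0.113.7 port 51124 ssh2",
    "Mar 12 10:00:13 host1 sshd[2235]: Failed password for root from 203.0.113.7 port 51126 ssh2",
    "Mar 12 10:00:16 host1 sshd[2237]: Failed password for invalid user oracle from 203.0.113.7 port 51128 ssh2",
    "Mar 12 10:00:20 host1 sshd[2240]: Accepted password for bob from 198.51.100.5 port 40011 ssh2",
]

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The single stray failure from 198.51.100.5 never reaches the threshold, which is the difference between a brute-force alarm and ordinary typo noise.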

Protect the Integrity of the Data Collected

USM’s HIDS uses a client/server architecture to protect the data collected by the HIDS agents. Because an attack that compromises the operating system could also compromise the agent, it’s essential to store the forensic and security data separately from the host. This safeguard prevents you from relying on system data that may have been altered or destroyed on the compromised system.

Implement File Integrity Monitoring (FIM)

Changes to configuration and system files are often the early signs of a breach. That’s why it’s essential to implement File Integrity Monitoring (FIM) on your critical systems, so you know as soon as changes happen.

File integrity monitoring allows you to track changes made to sensitive files on your critical systems. This provides a necessary audit trail and allows you to validate that the changes were authorized, expected, and did not jeopardize the integrity and security of the files.

USM’s host-based IDS enables you to do file integrity monitoring (FIM) and registry integrity monitoring (RIM) efficiently.
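To make the FIM workflow concrete, here is an added example (not AlienVault's agent code) of the two steps every file integrity monitor performs: take a baseline of content hashes, sizes, modes and owners, then compare a later snapshot against it and emit added, deleted, modified and permission-change events. The `demo()` function builds a constructed scratch tree with stand-in `passwd` and `sshd_config` files so the check runs offline.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Record sha256, size, mode and owner of every regular file under root."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            st = path.lstat()
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices and sockets
            baseline[str(path.relative_to(root))] = {
                "sha256": hashlib.sha256(path.read_bytes()).hexdigest(),
                "size": st.st_size, "mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
            }
    return baseline

def compare(old, new):
    """Return (kind, relpath, detail) events: added, deleted, modified, perms."""
    events = []
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            events.append(("added", rel, new[rel]["sha256"][:12]))
        elif rel not in new:
            events.append(("deleted", rel, old[rel]["sha256"][:12]))
        else:
            o, n = old[rel], new[rel]
            if o["sha256"] != n["sha256"]:
                events.append(("modified", rel, f'{o["sha256"][:12]} -> {n["sha256"][:12]}'))
            if (o["mode"], o["uid"]) != (n["mode"], n["uid"]):
                events.append(("perms", rel, f'{o["mode"]:o} -> {n["mode"]:o}'))
    return events

def demo():
    """Constructed scenario: baseline a scratch tree, alter it, compare."""
    root = Path(tempfile.mkdtemp())
    (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
    (root / "sshd_config").write_text("PermitRootLogin no\n")
    (root / "sshd_config").chmod(0o600)
    baseline = snapshot(root)
    # Changes a FIM must surface: extra UID-0 account, loosened config mode, unexpected new file
    (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\nsvc:x:0:0::/:/bin/sh\n")
    (root / "sshd_config").chmod(0o644)
    (root / "authorized_keys").write_text("ssh-ed25519 AAAA-constructed-placeholder\n")
    return compare(baseline, snapshot(root))
```

Each event is the audit-trail entry the text describes; whether a given change was authorized and expected is then a question for the change record, not for the monitor.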

Meet Your Compliance Needs with File Integrity Monitoring

Many regulatory compliance standards require file integrity monitoring tools—either explicitly or implicitly—to be in place to pass a compliance audit.

PCI DSS: Requirements 10.5.5 and 11.5 specifically call for a file integrity monitoring (FIM) system to detect and alert you of unauthorized changes to critical system files, configuration files, and content files.

HIPAA: Compliance Standard § 164.312(c)(2) deals with data integrity and requires you to ensure that health information has not been altered or destroyed in an unauthorized manner.

GLBA: The Gramm-Leach-Bliley Act requires financial institutions to safeguard sensitive customer data. This includes (§314.4 -3) detecting, preventing and responding to attacks, intrusions, or other systems failures.

Additional Compliance Standards: Learn how USM helps you to meet other compliance standards: FFIEC, ISO 27001, GPG13, NERC CIP, and FISMA.

Deploy Host IDS in a Unified Security Management Platform

In AlienVault USM, the host intrusion detection system is natively integrated out of the box with other essential security capabilities. This significantly reduces the cost and complexity of integrating multiple disparate security tools and data sources. Instead, USM delivers complete visibility of your security posture on Day One and continues to update your environment with the latest security intelligence as new threats emerge or evolve in the wild.

AlienVault USM combines the following five security capabilities in a unified security management platform.

Asset Discovery & Inventory

USM automatically scans and discovers all the IP-enabled devices in your environment, how they’re configured, what services are listening on them, and any potential vulnerabilities and active threats being executed against them.

Vulnerability Assessment

With vulnerability management in USM, you can find the weak spots in your environment that expose you to threats and remediate them before intrusions occur. And, when intrusions do occur, you have a unified view of important asset and vulnerability data so you can respond faster. USM performs authenticated and unauthenticated vulnerability scanning as well as continuous passive monitoring with the most up-to-date vulnerability signatures from AlienVault Labs.

SIEM & Log Management

USM has powerful SIEM and centralized logging capabilities built in so you can readily identify and investigate security incidents from a single console. USM correlates security events from its built-in security tools as well as from external data sources so that when an incident happens, you have immediate 360° visibility of the actors, targeted assets and their vulnerabilities, methods of attack, and more.

Network Intrusion Detection System (NIDS)

NIDS detects known threats and attack patterns targeting your vulnerable assets. It scans your network traffic, looking for the signatures of the latest attacks, malware infections, system compromise techniques, policy violations, and other exposures, and it raises alarms in your USM dashboard to alert you when threats are identified.

Behavioral Monitoring

USM’s behavioral monitoring capabilities enable you to spot and investigate suspicious traffic and activities that fall outside of your baseline or “normal” operations. USM works to:

  • Identify protocols and baseline “normal behavior”
  • Spot policy violations and suspicious activity
  • Monitor system services and unexpected outages
  • Conduct full protocol analysis on network traffic

Receive the Latest Threat Intelligence from AlienVault Labs and OTX

Researching threats and maintaining your SIEM software, IDS, and vulnerability assessment tools for the latest threat detection isn’t trivial. Without a team of in-house security analysts, this can be a challenge. AlienVault Labs’ research team fuels your USM platform with the latest threat intelligence updates, so you can focus on detecting and responding to the most critical issues in your environment.

The AlienVault Labs threat research team acts as an extension to your in-house security resources, mapping out the different types of attacks, the latest threats, suspicious behavior, vulnerabilities, and exploits they uncover across the entire threat landscape. They leverage the power of AlienVault Open Threat Exchange™ (OTX), the world’s largest crowd-sourced repository of threat data to provide global insight into attack trends and bad actors.

AlienVault Labs delivers the latest IDS attack signatures and correlation directives directly to your USM environment, so that you always have the most up-to-date threat intelligence as you monitor your environment for intrusions and other threats.


Continuous Security Intelligence Delivered

In USM, security intelligence is continuously delivered in the form of coordinated rulesets. These include:

  • Network IDS signatures
  • Host-based IDS signatures
  • Asset discovery signatures
  • Vulnerability assessment signatures
  • Correlation rules
  • Reporting modules
  • Dynamic incident response templates
  • Newly supported & updated data source plug-ins

Community-powered Threat Information via OTX

The Open Threat Exchange (OTX) is the world’s largest crowd-sourced repository of threat data. This community of security and IT professionals shares threat data as it emerges, in “pulses” of indicators.

When you deploy USM, you get access to all AlienVault Labs OTX pulses by default. You can also subscribe to other OTX pulses posted by security researchers, AlienVault Partners, and OTX community members so that you get global insight into attack trends and bad actors that could impact your operations.
