A Host Intrusion Prevention System (HIPS) is a centrally managed, highly configurable security solution that monitors individual hosts and endpoints for malicious activity. It combines the roles of a firewall, an IDS/IPS, and an antivirus product in a single agent that runs on individual servers or client machines. As soon as a HIPS detects a threat, it can alert admins and act on the threat.
Depending on the product, a HIPS achieves intrusion detection through any one or all of the following methods:
- Signature pattern analysis: looking for the signatures of known malware
- Behavior analysis: inspecting bandwidth, protocols, and ports for anomalous behavior
- Stateful packet inspection: inspecting packets for abnormalities in the state of the protocol
The best solutions are capable of protecting hosts and other endpoints against a variety of known, emerging, and even zero-day threats.
Most Host Intrusion Prevention Systems come with myriad rules that need to be fine-tuned to provide maximum protection. Unless a HIPS is configured optimally, you’ll see a number of false positives while critical threats slip through.
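To make the detection methods above and the rule-tuning point concrete, here is an added toy host-based detection engine (example code written for this page, not taken from any HIPS product). It applies a signature rule (known-bad binary hashes) and two behavior rules (unusual destination ports, per-process connection bursts) to constructed host events, and shows how a loose burst threshold produces a false positive on a legitimate backup agent while a tuned threshold keeps the real alert and drops the false one. All hashes, process names, ports and thresholds are constructed placeholders.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    ts: int        # seconds into the observation window
    proc: str      # process image name
    sha256: str    # hash of the executing binary (constructed placeholder values)
    dst_port: int  # destination port of an outbound connection, 0 if none

@dataclass(frozen=True)
class Policy:
    bad_hashes: frozenset      # signature rule: known-bad binary hashes
    allowed_ports: frozenset   # behavior rule: any other destination port is anomalous
    max_conn_per_min: int      # behavior rule: per-process outbound connection burst threshold

def signature_alerts(events, policy):
    """Signature pattern analysis: flag any event whose binary hash is on the bad list."""
    return [("known_malware", e.proc) for e in events if e.sha256 in policy.bad_hashes]

def behaviour_alerts(events, policy):
    """Behavior analysis: flag unusual ports and per-minute connection bursts."""
    alerts, per_minute = [], Counter()
    for e in events:
        if e.dst_port == 0:
            continue
        if e.dst_port not in policy.allowed_ports:
            alerts.append(("unusual_port", e.proc))
        per_minute[(e.proc, e.ts // 60)] += 1
    for (proc, _minute), count in per_minute.items():
        if count > policy.max_conn_per_min:
            alerts.append(("connection_burst", proc))
    return alerts

def evaluate(events, policy):
    """Run every rule and return the de-duplicated, sorted list of (rule, process) alerts."""
    return sorted(set(signature_alerts(events, policy) + behaviour_alerts(events, policy)))

def false_positives(alerts, known_good):
    """Alerts raised against processes an admin has already verified as benign."""
    return [a for a in alerts if a[1] in known_good]

# Constructed sample telemetry: a chatty but legitimate backup agent and one bad binary.
BAD_HASH = "deadbeef" * 8
EVENTS = [Event(t, "backup-agent", "11" * 32, 443) for t in range(0, 60, 2)]  # 30 connections in one minute
EVENTS += [Event(5, "unknown-updater.exe", BAD_HASH, 4444), Event(7, "unknown-updater.exe", BAD_HASH, 4444)]
KNOWN_GOOD = {"backup-agent"}

# Same signatures and port list; only the burst threshold differs between the two policies.
DEFAULT_POLICY = Policy(frozenset({BAD_HASH}), frozenset({80, 443}), max_conn_per_min=20)
TUNED_POLICY = Policy(frozenset({BAD_HASH}), frozenset({80, 443}), max_conn_per_min=40)
```

With `DEFAULT_POLICY` the backup agent trips the burst rule alongside the two genuine alerts on the bad binary; raising the threshold in `TUNED_POLICY` removes that false positive without losing the signature or unusual-port detections.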