Breach Detection – Host Intrusion Detection Solutions
Continuous, Real-Time Breach Detection
If you can't Stop the Breach, make sure you can Spot the Breach. Zero-day threats, Trojans and APTs, delivered by phishing or by insiders, cannot be reliably blocked at the perimeter, so make sure you can detect a breach before damage is done.
Forensic-level intrusion detection, self-learning about the good to expose the bad
Hackers don't want to be caught, so breach detection has to be highly sensitive and record evidence at a forensic level of detail. At the same time you only need to be told about what you need to know, and because every IT system behaves differently, self-learning breach detection is needed to understand what is normal for each system and alert you only to what isn't.
Say No to Change Noise, No to false alarms and No to high-maintenance
You only get Closed-Loop, Intelligent Change Control with NNT Change Tracker – don't waste hours manually investigating changes just to promote them to the Baseline – do it automatically, do it intelligently.
Breach Detection FAQs
Breach Detection? Surely prevention is better than detection?
By adopting a layered security approach, the attack surface presented by information systems can be minimized. Systems that are properly hardened in line with consensus-based security configuration checklists such as those from CIS will mitigate many vulnerabilities. Anti-virus technology still has a role to play, even though the IT industry now acknowledges that AV is no longer a front-line security technology: zero-day, polymorphic and mutating strains of malware evade AV detection signatures, and targeted, APT-style attacks will easily escape detection by AV systems.
Some of the most high-profile breaches, such as Target, simply used hijacked access credentials and legitimate facilities to get a foothold inside the network, bypassing any protection that other threat prevention systems might have afforded.
These breaches show us all that, even with an armory of security products and correctly operated security best practices, you can never guarantee that a breach won't happen. Vulnerabilities, and the exploits for them, can exist long before researchers discover them, and the best you can hope for is that you are not breached before you have been able to remediate.
Prevention measures are still essential and effective, but they cannot make systems 100% hack-proof. Host Intrusion Detection technology therefore performs a vital contingency function: if and when defenses are breached, you are alerted and can take action before data theft and damage go too far.
How does Breach Detection technology differentiate between Host Intrusion activity and legitimate system admin?
Most hackers don't want to be caught, so breach detection technology needs to operate at a forensic level of detail. Catching subtle breach activity requires visibility of all configuration changes – a breach such as Target left plenty of clues by way of new system files, new services and changes to registry keys, not to mention network and access activity.
The problem is that, in order to gain the necessary visibility of breach activity, all other low-level system activity is brought into the spotlight too. Very quickly, system noise can overrun and drown out the breach evidence.
This is why breach detection has to be operated within a security best practice framework, and why change control discipline is critical. The good news is that there are now innovations that automate change analysis, using pattern-matching intelligence to identify expected, planned changes such as routine patching updates, so that only unexpected changes are raised for investigation. This is known as Closed-Loop Intelligent Change Control.
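To make the mechanism concrete, the following is an added example written for this page; it is not NNT Change Tracker code and does not reproduce how that product works internally. It shows the three steps the text describes: take a hash baseline of monitored files, diff a later scan against it, then separate planned changes (the file and its resulting hash match an approved change manifest, such as one generated from a vendor patch) from unplanned ones, and finally promote only the planned changes into the baseline so they stop alerting. All file names, contents and the manifest are constructed for the demonstration.

```python
"""File-integrity baseline with closed-loop change control (illustrative, constructed data)."""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path):
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def take_baseline(root):
    """Map relative path -> sha256 for every regular file under root."""
    root = Path(root)
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_baseline(old, new):
    """Return (change_type, path, new_hash) for every added, removed or modified file."""
    changes = []
    for path in sorted(set(old) | set(new)):
        if path not in old:
            changes.append(("added", path, new[path]))
        elif path not in new:
            changes.append(("removed", path, None))
        elif old[path] != new[path]:
            changes.append(("modified", path, new[path]))
    return changes


def classify(changes, approved_manifest):
    """Split changes into planned and unplanned.

    approved_manifest maps path -> expected sha256 (e.g. taken from a patch package).
    A change counts as planned only if the path is in the manifest AND the observed
    hash equals the expected one; a modified file that lands on an unexpected hash,
    or any file not in the manifest, stays unplanned and must be investigated.
    """
    planned, unplanned = [], []
    for change_type, path, new_hash in changes:
        if change_type != "removed" and approved_manifest.get(path) == new_hash:
            planned.append((change_type, path, new_hash))
        else:
            unplanned.append((change_type, path, new_hash))
    return planned, unplanned


def promote(baseline, planned):
    """Closed loop: fold planned changes into the baseline so they stop alerting."""
    updated = dict(baseline)
    for _, path, new_hash in planned:
        updated[path] = new_hash
    return updated


def demo():
    """Constructed scenario: one approved patch plus two unapproved changes."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app").write_bytes(b"app v1")
        (root / "etc").mkdir()
        (root / "etc" / "app.conf").write_text("debug=0\n")
        baseline = take_baseline(root)

        # Planned change: vendor patch replaces bin/app; the manifest carries its hash.
        patched = b"app v2"
        manifest = {"bin/app": hashlib.sha256(patched).hexdigest()}
        (root / "bin" / "app").write_bytes(patched)
        # Unplanned changes: an unknown binary appears and a config file is edited.
        (root / "bin" / "unknown.bin").write_bytes(b"\x7fELF constructed sample")
        (root / "etc" / "app.conf").write_text("debug=1\n")

        changes = diff_baseline(baseline, take_baseline(root))
        planned, unplanned = classify(changes, manifest)
        new_baseline = promote(baseline, planned)
        return {
            "planned": [(t, p) for t, p, _ in planned],
            "unplanned": [(t, p) for t, p, _ in unplanned],
            # After promotion only the unplanned changes still show on a rescan.
            "rescan_after_promote": [(t, p) for t, p, _ in diff_baseline(new_baseline, take_baseline(root))],
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Two caveats a practitioner would add. First, a real host agent tracks far more than file hashes (registry keys, services, scheduled tasks, permissions, local accounts), and the same planned/unplanned split applies to each of those attributes. Second, the manifest is a trust anchor: if an attacker can write to it, their changes become "planned", so it has to be produced from a trusted source (a signed patch package or an approved change record) and protected at least as well as the baseline itself.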
Breach Detection/HIDS and Compliance
Host Intrusion Detection measures feature in virtually every security and compliance standard. As a recognized security best practice, organizations such as NIST and SANS advocate the use of HIDS as a key security technology, while security controls frameworks such as PCI DSS, HIPAA, SOX, NIST 800-53 and the DISA STIGs either indirectly or explicitly require HIDS / breach detection (for example, PCI DSS 11.5 requires a change-detection mechanism such as file integrity monitoring, with regular comparisons of critical files).
Contact us for a no-strings, no-sales pressure trial and see the coolest FIM solution in action for yourself