Breach Detection – Host Intrusion Detection Solutions

Continuous, Real-Time Breach Detection


If you can't Stop the Breach, make sure you can Spot the Breach.

Zero-day threats, Trojans and APTs, deployed through phishing and by insiders, are impossible to defend against – make sure you can detect breaches before damage is done.

Forensic-level intrusion detection, self-learning about the good to expose the bad


Hackers don't want to be caught – breach detection has to be hyper-sensitive and lab-grade forensic.

But you only need to be told about what you need to know, and when every IT system behaves differently, you need self-learning breach detection technology to understand what's normal and alert you to what isn't.

Say No to Change Noise, No to false alarms and No to high-maintenance


You only get Closed-Loop, Intelligent Change Control with NNT Change Tracker – don't waste hours manually investigating changes just to promote them to the Baseline – do it automatically, do it intelligently.

Breach Detection FAQs

Breach Detection? Surely prevention is better than detection?

By adopting a layered security approach, the Attack Surface presented by information systems can be minimized. Systems that are properly hardened in line with consensus-based security configuration checklists such as those from CIS will mitigate vulnerabilities. Anti-virus technology does still have a role to play despite the IT industry's acknowledgment that AV is a sidelined security technology. Zero-day, polymorphous and mutating strains of malware all evade AV detection signatures, and targeted, APT-style attacks will easily escape detection by AV systems.

Some of the most high-profile breaches, such as Target, simply used hijacked access credentials and facilities to get a foothold inside the network, taking out any protection that may have been afforded by other threat prevention systems.

These breaches show us all that, even with an armory of security products and correctly operated security best practices, you can never guarantee that a breach won't happen. Exploits exist long before they are ever discovered by researchers, and the best you can hope for is that you don't get breached before you have been able to remediate.

Prevention measures are still essential and effective, but do not guarantee systems are ever 100% hack-proof. Host Intrusion Detection technology therefore performs a vital contingency function - if and when defenses are breached, you are alerted and can take action before data theft and damage go too far.

» Learn more about Non-Stop File Integrity Monitoring as a Breach Detection technology here

How does Breach Detection technology differentiate between Host Intrusion activity and legitimate system admin?

Most hackers don't want to be caught and, as such, Breach Detection technology needs to operate at a forensic-detail level. Catching subtle breach activity requires visibility of all configuration changes – a breach such as Target presented plenty of clues by way of new system files, new services, changes to registry keys, not to mention network and access activity.

The problem is that in order to gain the necessary visibility of breach activity, all other low-level system activity will be brought into the spotlight too. Very quickly, system noise can overrun and drown out breach evidence.

This is why breach detection has to be operated within a security best practice framework and change control discipline is critical. The good news is that there are now innovations to automate change analysis, using pattern-matching intelligence to identify expected, planned changes, such as routine patching updates. This is known as Closed-Loop Intelligent Change Control.
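To make the idea of matching detected changes against planned changes concrete, here is an added sketch that is not NNT Change Tracker code and does not describe its algorithm: a file-hash baseline is compared with the current state, and each change is checked against a change manifest. The paths, file contents, manifest format and change id are all constructed for the example.

```python
import fnmatch
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def snapshot(files: dict) -> dict:
    """Map each path to the SHA-256 of its content."""
    return {path: sha256(content) for path, content in files.items()}

def changes(baseline: dict, current: dict):
    """Yield (path, kind, new_hash) for every path that differs from the baseline."""
    for path in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(path), current.get(path)
        if old != new:
            kind = "added" if old is None else "removed" if new is None else "modified"
            yield path, kind, new

def reconcile(baseline: dict, current: dict, planned: list):
    """Return (approved, alerts, promoted_baseline)."""
    approved, alerts, promoted = [], [], dict(baseline)
    for path, kind, new_hash in changes(baseline, current):
        # A change is expected only if path, kind AND resulting hash match a rule;
        # matching on path alone would let a tampered binary ride along with a patch.
        rule = next((r for r in planned
                     if fnmatch.fnmatch(path, r["path"]) and kind in r["kinds"]
                     and new_hash in r["hashes"]), None)
        if rule is None:
            alerts.append((path, kind))        # unplanned: baseline entry stays as it was
            continue
        approved.append((path, kind, rule["id"]))
        if new_hash is None:                   # planned removal (rule lists None as a hash)
            promoted.pop(path, None)
        else:                                  # planned change is promoted to the baseline
            promoted[path] = new_hash
    return approved, alerts, promoted

# Constructed sample data: one planned patch, one unexpected binary change, one new file.
BASELINE = snapshot({"/usr/lib/libssl.so": b"ssl-1.0", "/usr/bin/sshd": b"sshd-1.0"})
CURRENT = snapshot({"/usr/lib/libssl.so": b"ssl-1.1", "/usr/bin/sshd": b"sshd-???",
                    "/tmp/.svc": b"new"})
PLANNED = [{"id": "CHG-EXAMPLE-1", "path": "/usr/*", "kinds": {"modified"},
            "hashes": {sha256(b"ssl-1.1"), sha256(b"sshd-1.1")}}]

if __name__ == "__main__":
    approved, alerts, _ = reconcile(BASELINE, CURRENT, PLANNED)
    print("approved:", approved)
    print("alerts:  ", alerts)
```

The `sshd` change falls inside the planned path pattern but its hash is not one the manifest expects, so it is alerted on rather than promoted.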

» Learn more about Configuration Management/Change Control and File Integrity Monitoring here

Breach Detection/HIDS and Compliance

Host Intrusion Detection measures are mandated in all security and compliance standards. As a recognized security best practice, organizations such as NIST and SANS advocate the use of HIDS as a key security technology, while security controls frameworks such as PCI DSS, HIPAA, SOX, NIST 800-53 and DISA STIGs either indirectly or explicitly require HIDS / breach detection (such as PCI DSS 11.5 requiring regular file integrity monitoring checks on systems).

» Learn more about Continuous Compliance and File Integrity Monitoring here

Contact us for a no-strings, no-sales pressure trial and see the coolest FIM solution in action for yourself
