Q

Will host-based intrusion detection software replace signature IDS?

As signature-based IDS becomes less effective, is host-based IDS the best option to replace it? Expert Anand Sastry weighs in.

As encryption conceals the contents of network messages, the ability of intrusion detection systems to read those packets decreases. Some have speculated that all IDSes will become host-based once all network packets have been encrypted. Do you agree?

With the increase in malware threats targeting the application domain and users’ browsers specifically, traditional network signature-based intrusion detection and prevention systems are turning out to be less effective at combating this type of threat. This situation is further exacerbated when traffic is encrypted, as traditional signature IDS products offer no visibility.

Proxy-based Layer 7 protection products for policing Internet access from corporate workstations tend to be more effective in these situations, due to their focus on client-side threats. Web application firewalls also play a similar part in hosted environments, protecting critical Web applications against application-layer threats.

These proxy-based products can broker encrypted sessions on behalf of the client, which gives them visibility into the session so they can monitor for threats that would otherwise be missed. As a result, this type of platform provides more comprehensive detection and mitigation than traditional IDS products.

In order to extend this protection onto mobile platforms, full-featured endpoint security products provide effective threat mitigation as well. These endpoint security products, often referred to as host-based intrusion detection software, provide traditional signature-based IDS/IPS network-based threat protection at the host level, while also providing a user with a safer Web experience through built-in site reputation checking. This, coupled with antivirus and antispyware protection, provides effective and cost-efficient protection irrespective of the environment (corporate or public).

I think current endpoint products, coupled with point products targeting specific threats like key/screen/clipboard loggers, make for an effective alternative to traditional IPS or IDS products.

This was first published in August 2011