Host-based intrusion prevention systems are another layer of defense. These tools limit the various applications running on your system, blocking their ability to interact with the underlying kernel. Some bots function, however, by installing themselves inside of other legitimate applications, using them to undermine the system and potentially fly below the radar screen of your host-based IPS.
Therefore, in addition to network- and host-based IPSes, you should also make sure you have thoroughly deployed antivirus, antispyware and host-based firewalls. By operating on all of these fronts, you can dramatically lower the threat posed by your environment's bots.
Dig Deeper on Network intrusion detection and prevention (IDS-IPS)
Related Q&A from Ed Skoudis
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your ... Continue Reading
Wi-Fi on airplanes seems like it will be unavoidable in the future, but what security risks does it pose? In this security threats expert response, ... Continue Reading
There are some rare forms of malware that antivirus software doesn't pick up on, but there are some good tools to remove all sorts of malware. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.