Host IPS

Host Intrusion Prevention

Protect your infrastructure from encrypted attacks that bypass perimeter defenses

Malicious attacks that use encryption can easily bypass firewalls and network intrusion prevention systems. Host intrusion prevention provides another layer of defense to protect your infrastructure from internal and external attacks that use encryption techniques. However, host intrusion prevention systems (HIPS) are complex and difficult to configure. If implemented incorrectly, HIPS can cripple an application on the host server. And, HIPS must be monitored to identify attacks around the clock.

Dell SecureWorks' Host Intrusion Prevention System (Host IPS) service is a fully managed service that decrypts and inspects encrypted traffic to prevent external and internal attacks on your critical servers in real time.

Dell SecureWorks' Host Intrusion Prevention System service protects servers from attacks on applications, data, and operating systems. Our skilled security experts define policies, configure rules, monitor your environment 24x7 and tune the host agents to both protect your critical servers and allow legitimate traffic to flow uninterrupted.

With Host IPS you can:

Prevent known and Zero-Day attacks that could compromise key servers
The Dell SecureWorks Host Intrusion Prevention System (HIPS) serves as an application firewall for your servers to ensure that an application is doing only what it is supposed to be doing. When encrypted traffic is received and decrypted by the operating system on the host machine, the HIPS agent intercepts instructions prior to reaching the application to prevent malicious activity. Your servers are even protected from new threats.

According to the FFIEC IT Examination Handbook, this method of host-based intrusion detection and prevention "is particularly appropriate for Internet banking servers and other servers that communicate over an encrypted channel."

Control access and usage
Host agents are deployed on critical servers with customizable policies providing more precise control over access and usage.

Protect your network from internal attacks
As your organization grows, it becomes increasingly difficult to know all employees and contractors. Unless you can vouch for every internal resource with access to your internal systems, you are always at risk for an attack from the inside. HIPS guards against malware and attacks inadvertently transmitted by employees as well as contractors, suppliers and other third parties who have access to your network  through:

• infected USB drives and other removable media
• infected "walk-in" laptops

Host IPS provides the following features:

• Customized security policy design and tuning
• An expert security team monitoring your HIPS in real time 24x7x365
• Immediate response to prevent attacks directed at your protected servers
• Real-time, behavior-based attack blocking
• Elimination of known and unknown attacks (Zero-Day)
• In-depth logging and reporting on attempted intrusions
• Customized escalation procedures
• Superior protection against buffer overflow, port scans and SYN floods
• Enhanced protection from threats transmitted through encrypted traffic, infected USB drives and floppies, laptops, consultants and partners who can access your network over an encrypted channel
• Secure access to the web-based Customer Portal

Maximum application visibility with minimal operating system performance impact

Dell SecureWorks' Host Intrusion Prevention System service utilizes a host agent that resides between the applications and the operating system, enabling maximum application visibility with minimal impact to the performance of the underlying operating systems. The software's unique architecture intercepts all operating system calls to file, network and registry sources as well as to dynamic run-time resources such as memory pages, shared library modules and COM objects. The agent then intelligently correlates the behavior of these system calls, based on rules that define inappropriate or unacceptable behavior for a specific application or for all applications.  This correlation and insight into the application's behavior is what allows the software, as directed by the security staff, to prevent new intrusions.