Intrusion Detection and Prevention Systems

Network & Host Intrusion

What is Intrusion Detection and Prevention?

Intrusion Detection and Prevention are application security practices that identify, block and prevent cyber attacks.

  • Intrusion Detection Systems (IDS) find and mitigate attacks that have already happened, such as malware, Trojan and rootkit injections, and phishing.
  • Intrusion Prevention Systems (IPS) use constant monitoring to discover attacks and block them before they happen.

Network Level Intrusion Detection (NIDS)

Network level intrusion detection is critical in identifying threats that have evaded host-based defenses. It provides a robust form of intrusion detection and prevention.

Abacode leverages a Network Intrusion Detection System (NIDS) as part of the Security Operations Center (SOC) 24/7 monitoring to inspect all network traffic.

NIDS excels at deep network packet inspection and pattern matching, which amplifies the capabilities for threat and attack detection.

Our SOC can detect threat actors that gained a foothold inside the organization using techniques that endpoint protection and other components of the security stack were unable to detect and block.

NIDS addresses some of the risks associated with insider threats and helps detect unauthorized systems and software that can compromise confidential data.

NIDS identifies risks associated with phishing email landing pages, compromised sites, and command and control sites that can be used to target your organization.

Host Intrusion Detection (HIDS)

Host-level intrusion detection is security at the host level. HIDS accelerates the detection and isolation of issues that can result in compromised servers and workstations.

Abacode relies on a set of lightweight HIDS endpoint agents that complement the Endpoint Protection System or Antivirus.

The HIDS agent enables our SOC to detect Indicators of Compromise and to enact Endpoint Detection and Response countermeasures.

Some HIDS include the file integrity monitoring and endpoint telemetry needed for Managed Detection and Response and to meet regulatory compliance.

The HIDS agent extends the monitoring capabilities of our Security Operations Center beyond the corporate network to laptops, which are constantly monitored while used from home, at the coffee shop, the airport, or the hotel room.