One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 2081 |
| Date de publication | 2016-05-26 13:00:00 (vue: 2016-05-26 13:00:00) |
| Titre | Antivirus or Host IDS, Your Last Line of Defense |
| Texte | Protecting servers that are running your business applications and storing your critical data should be the most important responsibility for security professionals. Antivirus and Host IDS (HIDS) are effective last line of defense for preventing and detecting malicious actors targeting your servers after perimeter defenses have failed or bypassed.Layering these technologies into your defense is smart, because history has shown that no prevention system is 100% effective and the ingenuity of the bad actors are limitless.While antivirus is well-known as the go-to tool for blocking malware infections on endpoints and infamous for making systems crawl during malware scans, HIDS should also be a part of your IT threat detection defenses because HIDS spot IOCs on the server after prevention defenses fail.So which should you use antivirus or HIDS as the last line of server defenses?The question shouldn’t be antivirus vs HIDS, but rather antivirus + HIDS. These technologies are complementary:Antivirus is a prevention tool that attempts to block installation of malware through known signatures and malware heuristicsHIDS is a lightweight host-based detection tool that alerts admins and SIEMS to changes to the server by monitoring logs, directories, files, and registries.What makes HIDS so effective in detecting intrusions is that it watches for the exact actions that the malware has to take in the course of server infections. After all, malware has to add, modify, and/or delete programs, services, configuration, or registry settings in order to accomplish its objectives. In other words, HIDS tells you when an attack has succeeded and it is time for you to respond.By using both antivirus and HIDS, you are helping to minimizing the attack surface, then maximizing your threat detection capabilities so that you can respond to the realities of prevention systems.Okay, that’s great, but we all live in the real world with budget and performance constraints. What If you can’t afford layered prevention that includes antivirus? Then you had better get really good at detecting and responding to intrusions. HIDS is an affordable detection technology that will go a long way in helping you build a layered defense in depth.AlienVault USM HIDSAntivirusNo added cost for AlienVault USMCan be costly, typically licensed per hostLow host overhead, typically~ 1% CPU~10MB footprintHost CPU intensive AlienVault USM HIDSLog analysis based intrusion detectionFile integrity checkingRegistry keys integrity checking (Windows)Signature based malware/rootkits detectionReal-time alerting and active responseYou can learn more about HIDS by watching this webinar or test drive AlienVault USM with our free trial.  |
| Envoyé | Oui |
| Condensat | related “aguaderos”: “watering 100 about accomplish actions active actors add added admins afford affordable after alerting alerts alienvault all also analysis and/or antes antivirus applications are attack attempts bad based because better block blocking both budget build business but bypassed can can’t capabilities changes checking checkingregistry complementary:antivirus configuration constraints cost costly course cpu cpu~10mb crawl critical cyber data defense defenses delete depth detectando detecting detection detectionfile detectionreal directories drive during effective endpoints exact fail failed files footprinthost free get good great group had has have helping heuristicshids hids hidsantivirusno hidslog history hole” host hostlow ids important includes infamous infectados infections ingenuity installation integrity intensivealienvault intrusion intrusions iocs its keys known last layered layering learn licensed lightweight limitless line live logs long makes making malicious malware malware/rootkits mandated maximizing microsoft minimizing modify monitoring more most muy objectives okay order other overhead part per performance perimeter policy preventing prevention professionals programs protecting que question rather real realities really registries registry respond responding responseyou responsibility running scans sea security server servers services settings should shouldn’t shown siems signature signatures smart spot storiesataques storing succeeded surface system systems take tardefile targeting technologies technology tells test testing that’s then these threat through time tool trial typically typically~ use using usm usmcan usmiot: usuarios watches watching way webinar well what when which will windows words world your |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.