A Host Intrusion Detection System (HIDS) monitors network traffic for suspicious activity and alerts the system or network administrator. In some cases, the HIDS may also respond to anomalous or malicious traffic by taking action, such as blocking the user or source IP address from accessing the network.
The tools, as implemented by Collibra, detects the following intrusion possibilities:
- File integrity (system and application files)
- Sign-in attempts
- Portscanning
- Brute force attacks
- Rootkit detection
All alerts are collected in a central place, and alerts with high priority are reviewed by both Production Engineering and Security Operations.