Host Intrusion Detection Systems
A Host IDS monitors host and server event/system logs from multiple sources for suspicious activity. Host IDS are best placed to detect computer misuse by trusted insiders and by those who have already infiltrated your network. Strictly speaking, what I have just described is an event log manager; a true Host IDS applies some signature analysis across multiple events/logs and/or time, and heuristic profiling is another useful way to spot nefarious activity. NOTE: the battle of terms with the vendor marketers over what actually constitutes a Host IDS versus an event log manager is generally considered lost; therefore a HIDS can be any of the above.
McAfee Host Intrusion Prevention for desktops
Enforce policies, set firewall rules, and keep desktops safe
How do you successfully manage security and connectivity policies for desktops and laptops in a global enterprise? Desktop protection can be a challenge, as any security specialist can tell y ...
Swatch
Swatch started out as the "simple watchdog" for actively monitoring log files produced by UNIX's syslog facility. It has since been evolving into a utility that can monitor just about any type of log. Stephen E. Hansen and Todd Atkins. Automated system ...
SNIPS formerly NOCOL
SNIPS (System & Network Integrated Polling Software) is a system and network monitoring software that runs on Unix systems and can monitor network and system devices. It is capable of monitoring DNS, NTP, TCP or web ports, host performance, syslogs, radiu ...
Sourcefire RUA
Sourcefire RUA enables customers for the first time to correlate threat, endpoint, and network intelligence with user identity information---equipping them to identify the source of policy breaches, attacks, or network vulnerabilities immediately. Much mo ...
SNARE Agents (others)
Snare Agent for Windows (ex-BackLog) Snare for Windows provides front end filtering, remote control, and remote distribution for Windows eventlog data. Formerly known as BackLog, Snare for Windows interfaces into the Windows EventLog subsystem. It can be ...
SNARE Agent for Linux (ex-SNARE)
SNARE is divided into two components, the snare-core package and the snare GUI. Both components are open source, and are licenced under the GNU Public Licence. The snare-core package includes the SNARE audit kernel module and the audit daemon. The snare p ...
SNARE Server
System iNtrusion Analysis and Reporting Environment - Server InterSect Alliance's System iNtrusion Analysis and Reporting Environment (SNARE), is an Enterprise audit Event Log analysis solution, comprising a central audit event collection, analysis, repor ...
SentryTools (ex-Abacus Project)
The Abacus Project suite consists of the following tools right now: Psionic Logcheck/LogSentry - This tool is a clone of a program that ships with the TIS Gauntlet firewall but has been changed in many ways to make it work nicely for normal system auditin ...
NetIQ Security Manager
NetIQ Security Manager satisfies the toughest compliance mandates by automating security activity reviews, log preservation, threat management, incident response and change auditing. It provides strong protection of data residing on host systems, includin ...
M-ICE (Modular Intrusion Detection and Countermeasure E...
The main target of M-ICE is host-based ID systems, but it is also possible to interoperate with other IDS architectures as long as they use the open and standardized message format IDMEF. The main goal of M-ICE is to fit every infrastructure and to be h ...
Logsurfer
Logsurfer is a program for monitoring system logs in real-time, and reporting on the occurrence of events. It is similar to the well-known swatch program on which it is based, but offers a number of advanced features which swatch does not support. Logs ...
LIDS
A kernel patch and admin tool to enhance the linux kernel security, with implementation of reference monitor in kernel and Mandatory Access Control in the kernel. It provides Protection of files, Protection of process, Fine-granulate Access Controls, use ...
IIS Logger
Working as an ISAPI filter, this product is a pure LOGGER, which can provide very extended and verbose information about the requests made to an IIS web server. This includes logging requests for those nasty exploits which in normal conditions would leav ...
HP UX 11i Host Intrusion Detection System
HP's Host Intrusion Detection System (HIDS) alerts you about hackers who have reached the HP-UX 11i operating environment and are about to do harm in the places most critical to your computing environment―the operating system and applications. Host int ...
grsecurity
grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is licensed under the GNU GPL. It offers among many other features: * An intelligent and robust Role-Based Access Control ( ...
CA Audit
Collect and store security related data enterprise-wide for auditing, reporting, compliance verification and event monitoring. CA Audit provides you with a scalable, centralized repository that stores and analyzes audit logs and security data from a diver ...
Dragon Intrusion Prevention
Enterasys Dragon® ensures the confidentiality, integrity, and availability of business critical resources with industry-leading Intrusion Prevention capabilities, including: * Threat containment that leverages existing network investments * In ...
EMERALD eXpert-BSM
EMERALD's eXpert-BSM Monitor is a host-based intrusion detection system that provides realtime security monitoring for critical application servers and workstations. eXpert-BSM provides comprehensive knowledge-base for detecting insider misuse, policy vio ...
AuditGUARD
auditGUARD allows you to monitor who did what, when, where, and how. Features include Complete Audit Management: control and filter all of the information available to you. Continuous audit from all operating systems. Analysis of user actions and their ...
CA Host-based Intrusion Protection System
CA Host-Based Intrusion Prevention System (CA HIPS) combines the protective power of five critical technologies— endpoint Firewall, Intrusion Detection, Intrusion Prevention, Operating System Security and Application Control capabilities—into one centrall ...