ViPNet IDS HS
- Intrusion Detection System (IDS)
- Windows, Linux
ViPNet IDS HS is an intrusion detection system that monitors and processes events on a host. ViPNet IDS HS uses both signature and heuristic analysis of attacks, based on rules and signatures provided by Infotecs. Centralized management of agents, settings, and rule groups on hosts lets information security administrators respond promptly to security events in the network.
ViPNet IDS HS features:
- Monitoring all important events on a host, including network activity, changes in files, registry, processes, or logs.
- Notifying the administrator about detected attacks via the management application or by email.
ViPNet IDS HS helps you stay aware of what is happening on a host.
ViPNet IDS HS enhances your security system by:
- Heuristic analysis that detects attacks for which no anti-virus signatures are available.
- Effective location, as the software installed on a host detects network attacks that cannot be detected by network-level IDSs (for example, attacks in encrypted traffic).
ViPNet IDS HS components:
- The Agent (the software installed on hosts), which collects data about host operation and pre-analyzes it.
- The Server, which receives, stores, and analyzes data received from Agents.
- The Management Console, which provides a graphical interface for managing Agents and monitoring their states.
Supported operating systems
- MS Windows 10 (32/64), 8.1 (32/64), 8 (32/64), 7 SP1 (32/64).
- MS Windows Server 2012 R2, 2012, 2008 R2, 2008 (32/64).
You can use ViPNet IDS HS with other ViPNet products or as a standalone product. The function of ViPNet IDS HS is as follows:
- Detecting intrusions into an information system for their prompt prevention.
- Increasing the security level of information systems, data centers, workstations, servers and telecommunication equipment.
- Helping in investigating causes of security incidents by event aggregation and logging.
- Detecting network attacks that cannot be detected by network-level IDSs (attacks in encrypted traffic).
- Supporting centralized management.
Many sources for event monitoring. ViPNet IDS HS monitors all important events on the host and:
- Analyzes operating system logs (Windows Event Log);
- Analyzes application logs;
- Monitors command execution results;
- Monitors changes in operating system files, directories, and
- Analyzes the traffic passing through the host.
Attack detection methods:
- Signature analysis;
- Heuristic analysis.
Event analysis both on host and server. To reduce network and server load, the data is pre-analyzed on the host itself. The analysis does not slow the host operation and does not require any action from the user.
- ViPNet IDS HS sensor management
- Distribution of rules to host groups
- Obtaining comprehensive information about host state and events.
Notifying the information security administrator about security events. The information security administrator is notified by email about critical attacks. All events and attacks are displayed in the management application.
Scalable system. The client-server architecture allows the system to be scaled up as the protected information system expands.
Data transfer to ViPNet TIAS & CEF support.
Multitenancy mode for providing security threat monitoring services to organizations.
Getting MD5, SHA256 or SpamSum checksums of new files in the controlled folders. This feature serves as a form of malware detection. When a new file is created in, copied to, or downloaded into a controlled folder, the HS-agent computes its MD5 checksum and sends it to the HS-server. The administrator can then look up the file hash on VirusTotal (for example) to make sure that the file is OK.
Monitoring Windows updates - ViPNet IDS HS allows you to monitor the Windows system updates installed on the monitored hosts.
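The checksum workflow described above can be sketched as follows. This is an added example, not Infotecs code: the polling approach and the names `snapshot`, `new_file_events` and `demo` are assumptions made for illustration, and SpamSum is omitted because it needs a third-party library.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 16  # read in 64 KiB chunks so large files are not loaded into memory

def hash_file(path):
    """Return (md5_hex, sha256_hex) for one file, computed in a single pass."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()

def snapshot(folder):
    """Return the set of regular-file paths currently under the controlled folder."""
    paths = set()
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            # Skip symlinks so a link cannot make the agent hash a file elsewhere.
            if os.path.isfile(path) and not os.path.islink(path):
                paths.add(path)
    return paths

def new_file_events(folder, baseline):
    """Hash files absent from baseline; return (events, new_baseline)."""
    current = snapshot(folder)
    events = []
    for path in sorted(current - baseline):
        try:
            md5, sha256 = hash_file(path)
        except OSError as exc:  # file removed or locked between listing and read
            events.append({"path": path, "error": str(exc)})
            continue
        events.append({"path": path, "md5": md5, "sha256": sha256})
    return events, current

def demo():
    """Constructed sample: one pre-existing file, then one file dropped later."""
    with tempfile.TemporaryDirectory() as folder:
        with open(os.path.join(folder, "existing.txt"), "wb") as fh:
            fh.write(b"already here")
        baseline = snapshot(folder)
        with open(os.path.join(folder, "dropped.bin"), "wb") as fh:
            fh.write(b"abc")
        first, baseline = new_file_events(folder, baseline)
        second, baseline = new_file_events(folder, baseline)  # nothing new now
        return first, second
```

Each event record carries the hashes an administrator would look up; files that cannot be read are reported rather than silently skipped.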
Detecting RemSec spyware - ViPNet IDS HS detects the RemSec spyware on the monitored host.