Cloud-based solution based on the open-source OSSEC HIDS
Malware Analysis Engine
CHESS-HIDS is a SaaS offering from SecurWeave that integrates its unique kernel protector with the open-source OSSEC software. The product is designed and developed to offer a holistic solution for protecting systems from advanced malware along with intrusion detection. Optionally, CHESS-HIDS implements an incident response feature to take action against any possible security event.
Why do you need HIDS?
A Host Intrusion Detection System (HIDS) is software that monitors a single computer or endpoint device for suspicious or malicious activity. Here are some reasons why you might need a
Detecting and preventing malware: A HIDS can help detect malware that has bypassed traditional antivirus software. By monitoring the activity on a host, it can identify suspicious behavior, such as changes to critical files, attempts to access sensitive information, or unauthorized network connections.
Compliance: Many organizations are required to comply with industry and government regulations such as PCI DSS, HIPAA, or SOX. A HIDS can help meet compliance requirements by monitoring and reporting on host activity.
Incident response: In the event of a security incident, a HIDS can provide valuable forensic data to help identify the source of the attack and understand the scope of the compromise.
Protection against insider threats: A HIDS can detect suspicious activity by insiders, such as employees with privileged access who may be engaging in unauthorized actions or accessing information they should not be.
Overall, a HIDS can provide an additional layer of security to help protect your organization's critical assets and sensitive information.
Features of CHESS-HIDS
File integrity checking: Every attack on your networks and computers has one thing in common: it changes your systems in some way. The goal of file integrity checking (or FIM, file integrity monitoring) is to detect these changes and alert you when they happen. Covers PCI DSS sections 11.5 and 10.5.5.
Log monitoring: Every operating system, application, and device on your network generates logs (events) to let you know what is happening. OSSEC collects, analyzes and correlates these logs to let you know if something suspicious is happening (attack, misuse, errors, etc.). Covers PCI DSS section 10.
Rootkit detection: Criminal hackers want to hide their actions, but with rootkit detection you can be notified when the system is modified in a way common to rootkits.
Active response: Active response allows OSSEC to take immediate action when specified alerts are triggered. This may prevent an incident from spreading before an administrator can take action.
CHESS-P integration: Protects Linux-powered systems from kernel-mode attacks. With its patented secure hypervisor technology, CHESS-P has a unique vantage point into the running system and can detect, stop and alert on kernel-mode attacks of any complexity.