Enterasys Host Sensor

idsnetwork sensor

Enterasys Host Sensors are security applications used to detect attacks on a network server in real time. Host intrusion detection is particularly valuable in environments where AES, SSL, IPsec, or other encryption schemes are deployed because the sensor analyzes the decrypted data. Enterasys Host Sensors monitor individual systems running today’s most common operating
systems for evidence of malicious or suspicious activity in real time. Host Sensors use a variety of techniques to detect attacks and misuse, including analyzing the security event log, checking the integrity of critical configuration files, and checking for kernel level compromises. This hybrid approach helps organizations meet compliance requirements mandated by regulations including PCI, HIPAA and Sarbanes-Oxley.

Enterasys Host Sensors perform the following functions:

• Monitor file attributes such as file permission, owner, group, value, size increase, truncated and modification date

• Check file integrity to determine whether content of critical files was changed

• Continuously analyze log files using signature policies to detect attacks and/or compromises

• Monitor Windows event logs for misuse or attack

• Analyze Windows registry for attributes that should not be accessed and/or modified

• Perform TCP/UDP service detection for protection against backdoor services

• Monitor the kernel to detect suspicious privilege escalations and other signs of kernel-level compromises such as rootkits.

Enterasys Host Sensors support custom module development using Microsoft’s .NET Framework. This allows users to leverage the power and flexibility of the .NET framework to customize Enterasys functionality to meet their needs.

The optional Host Sensor Web Intrusion Prevention System (Web IPS) module protects against common attacks on web servers running Microsoft IIS and Apache. The Web IPS module works in conjunction with the Host Sensor to provide protection while operating with minimal overhead on the system. The Web IPS provides threat prevention for a large array of attacks and can terminate individual malicious sessions.


Extends IPS protection to the network edge
• Protect networked resources by removing an attacker’s ability to continue an attack or to mount a new attack
• Real-time dynamic attacker containment limits security incident impact
• Works with multi-vendor enterprise edge switching products

Protects today’s and tomorrow’s next generation networks
• Protection against emerging Voice over IP vulnerabilities, Day Zero threats, and advanced Denial of Service attacks
• Delivers leading price point and proven effectiveness at Gigabit, Multi-Gigabit, and 10 Gigabit performance
• Flexibly deployed as an appliance and/or virtual appliance enabling cost efficient threat detection and monitoring for both the physical and virtual networks
• Supports inspection and reporting for IPv6 networks extending IPS/IDS capabilities into next generation networks

Industry-leading intrusion prevention and response
• Unmatched threat detection and containment that leverages sophisticated signature, application, protocol, and behavioral analysis
• Unique host-based and network-based protection deployment options

Leverages your existing infrastructure investments and IT expertise
• Ready to protect “out-of-the-box” with powerful configuration tools for customization and advanced control
• No fork lift upgrades – works with your existing network switches, routers, wireless access points, and security appliances

Free Consultation

Due to our numerous partnerships, we can provide unbiased opinions on the best solution for your environment.

Unbeatable Prices

Our partnership levels give us the highest product discounts which we pass on as savings to our customers.

Pro Services

Finish your IT projects on-time and under budget with our nation-wide team of senior level engineers.

24x7 Tech Support

Rest assured knowing that our U.S. based IT support team is here for you on nights, weekends and when you need us most.