What are the disadvantages of a host-based intrusion detection system?

  1. A HIDS raises more management concerns because it is configured and operated on each monitored host. This means more management effort is needed to install, configure, and operate the HIDS across the estate.
  2. A HIDS is not optimised for detecting scans that span multiple hosts, nor can it report scanning of a non-host network device such as a router or switch. Without correlation analysis across hosts, a HIDS remains unaware of attacks that traverse multiple devices within the network.
  3. It is susceptible to certain Denial of Service (DoS) attacks.
  4. It uses a large amount of disk/storage space to retain the host's audit records and function correctly, so additional disk capacity may need to be added to the system.
  5. A HIDS can impose a performance burden on the host system, and in some cases it may lower the system's performance below acceptable levels.
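The second point is the one most often solved with a correlation layer above the agents. The following is an added example, not code from the article or any vendor: it reads constructed per-host HIDS alert lines (the `host=`/`src=`/`event=`/`ports=` format is an assumption made up for this example) and flags a source that probes several distinct hosts inside a short window, which no single host's HIDS could see on its own.

```python
# Added example (not from the article): correlating per-host HIDS alerts
# to surface a multi-host scan that no single host's HIDS would flag.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts, one per host, in the shape a HIDS agent might
# emit after noticing a few port-connection attempts on its own host.
SAMPLE_ALERTS = """\
2024-05-01T10:00:01 host=web01 src=10.0.0.5 event=port_probe ports=3
2024-05-01T10:00:04 host=db01 src=10.0.0.5 event=port_probe ports=2
2024-05-01T10:00:07 host=app02 src=10.0.0.5 event=port_probe ports=4
2024-05-01T10:00:09 host=app03 src=10.0.0.5 event=port_probe ports=1
2024-05-01T10:05:00 host=web01 src=10.0.0.9 event=port_probe ports=2
2024-05-01T11:30:00 host=db01 src=10.0.0.9 event=port_probe ports=2
"""

def parse_alert(line):
    """Parse one 'timestamp key=value ...' alert line into a dict."""
    ts, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    fields["ts"] = datetime.fromisoformat(ts)
    fields["ports"] = int(fields["ports"])
    return fields

def correlate_scans(text, window=timedelta(minutes=5), min_hosts=3):
    """Group alerts by source address and flag any source that touched
    at least min_hosts distinct hosts within a sliding time window."""
    by_src = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            alert = parse_alert(line)
            by_src[alert["src"]].append(alert)
    findings = {}
    for src, alerts in by_src.items():
        alerts.sort(key=lambda a: a["ts"])
        for i, first in enumerate(alerts):
            # Hosts hit by this source from 'first' up to 'window' later.
            hosts = {a["host"] for a in alerts[i:]
                     if a["ts"] - first["ts"] <= window}
            if len(hosts) >= min_hosts:
                findings[src] = sorted(hosts)
                break
    return findings

if __name__ == "__main__":
    for src, hosts in correlate_scans(SAMPLE_ALERTS).items():
        print(f"multi-host scan from {src}: {', '.join(hosts)}")
```

With the sample data, 10.0.0.5 is reported because it probed four hosts within ten seconds, while 10.0.0.9 is not, since its two probes are more than an hour apart.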

Some HIDS examples are OSSEC, ManageEngine, Quadrant, Splunk, Snort and others. Newer vendors have also introduced cloud options and tools that offer worry-free log file storage and security together with faster access to data. Cloud-based HIDS are an option for companies with workloads spread across AWS, Azure and other clouds.

For disclosure: the examples provided here are just for the sake of this article; we have no inclination or commercial relationship of any kind with any of these vendors.

Advanced persistent threat (APT) attack detection usually relies on threat intelligence added to host-based IDS systems, a capability known as ATP (Advanced Threat Protection). Apologies for the confusing acronyms: ATP (Advanced Threat Protection) and APT sit on opposite sides, the defensive and the offensive, of security. Cyber threat intelligence is information about threats and attackers that is used to stop and prevent attacks. Threat intelligence draws on various sources, pulling information from social media, human intelligence, open-source intelligence (OSINT), technical intelligence and deep/dark web information. See more on how a digital attack surface assessment provides a point-in-time snapshot of an organisation's attack surface.