A Distributed Host Intrusion Prevention/Detection System (DHIPDS) is composed of application agents installed on workstations and servers throughout a corporate environment. Such agents are sometimes referred to as personal firewalls. When they are installed throughout the enterprise and, most importantly, centrally managed, they not only dynamically protect the individual systems on which they are installed (intrusion prevention) but also provide a mechanism for alerting management to intrusion attempts (intrusion detection), hence the title DHIPDS.

Most such agents now available for corporate use can also perform complex Computer Health Assessments, similar to those done by Network Access Control (NAC) agents, in which configuration settings and patch installations are verified. This makes such a system immensely valuable in assessing and updating the protective stance of the enterprise in near time. In addition, the intrusion detection capabilities provide near time notification of suspicious activity occurring on the network.

Fundamentally, a DHIPDS provides the following capabilities:
- an agent that is installed on all workstations and most servers
- centrally managed, with configuration changes and software updates being pushed out to clients from the command console
- intrusion prevention capabilities
- intrusion detection capabilities with near time reporting by the individual agents to the central management alerting center and command console.