THE PROBLEM OVERVIEW

• Hackers can get through firewalls.Network Intrusion Protection may not stop encrypted malicious traffic. Anti virus services will stop most but not all viruses. Internal servers & databases are vulnerable to new and unknown types of attacks. The system to protect these critical systems needs to be constantly learning and reviewed by security professionals KRAA’s Host Intrusion Detection and Prevention System (HIDS/HIPS) is our premier service designed to protect your most critical data and servers on your network. It provides an additional layer of defense beyond services such as a managed firewall, Network Intrusion Prevention Systems (NIPS) and signature-based anti virus software.
  
• HIDS/HIPS rely on a learning pattern for both known and unknown types of malicious activity. Rather than relying on signature matching for specific attacks, the behavior-based rules associated with HIDS/HIPS products monitor and deny malicious activity patterns. HIDS/HIPS monitors and alerts security operations personnel if activity is suspicious.
  

Because data is often a company’s most critical asset, the financial impact of an exploit executing before a signature is released can easily reach millions of dollars for a single outbreak. Accordingly, the cost-avoidance return on investment for the behavioral-based protection offered by HIDS/HIPS can be substantial.

The KRAA Solution

KRAA’s HIDS/HIPS service utilizes the latest On Demand technology which differs from anti virus, network firewall, and NIPS services in that it analyzes activity via customizable behavioral rules to block malicious activity within the system infrastructure. It assumes that companies and employees put their systems at risk by making necessary and productive use of a wide range of Internet resources. Consequently, the service works within each system defined by the customer to monitor and control network actions, local file systems, and other system components while maintaining an inventory of legitimate activity. To decipher legitimate activity from malicious activity, the pre-deployment process associated with this service includes a two-week activity-monitoring period. Subsequently, customized behavioral policies protect the customer’s systems by allowing or denying specific system actions.

KRAA will always remain in close communication with the client to continually fine tune the service to block malicious activity, alert on suspicious activity, and ensure that legitimate activity is allowed. Malicious system actions are immediately detected and disabled while other suspicious actions are permitted and alerted on if deemed necessary by security engineers. Both actions take place transparently, without any interruption to the user. If an encrypted piece of malicious code finds its way onto a system via email or web access, for example, as it attempts to unexpectedly execute or alter Cisco Security Agent-protected system resources, it is immediately neutralized and a notification is sent to our Security Operations Center.

Legitimate activity that triggers a protective rule will be allowed, but monitored and analyzed by KRAA to verify its legitimacy. If the allowed activity is determined to be malicious, the client will be contacted and guided through remediation procedures. The activity will also be blocked to prevent future attacks. If the allowed activity is not malicious, it will be recorded in the client portal for review and compliance reports.

The Benefits of KRAA’s Solution