The host-based security system (HBSS) is automated and standardized security software used to provide host-oriented security on servers, desktops, and laptops rather than at the boundary, such as on routers and switches, to protect against both internal and external threats. HBSS is a suite of security applications that protect at the host server level. It contains security systems such as the host intrusion prevention system (HIPS) and firewall and virus scan. It protects multiple weak points simultaneously, especially at the client.

HBSS provides detailed report capabilities, realtime asset status, central configuration management, and defense-in-depth protection of the latest cyber threats. Figure 1 shows virtual servers with HBSSs installed.

Figure 1 - An example of HBSSs installed on virtual servers.

An example of an HBSS function is policy-oriented Web browsing that distinguishes Website categories and file types. Rules can be created based on users, time of day, and Internet blacklists and whitelists. Data protection policy can be implemented to ensure that confidential and personal data does not leave the network via the web, whether inadvertently or with malicious intent. It can support roaming, and remote users ensuring security levels are maintained for all consumers when they are working away from the corporate network. Care must be taken when considering performance with redundant HBSS processes supported by a physical compute device.

Related Patterns: