So how do we protect against this new breed of attack that is seemingly marching through unprepared systems? Intrusion detection software does not rely on signatures but highlights when malicious code has accessed critical areas such as memory, file system, OS, registry and applications. However closer to the mark this is it is still a case of closing the gate once the horse has bolted – surely prevention is better than cure. This is where Host Intrusion Prevention Software (HIPS) enters the fray.

HIPS recognizes anomalies in exactly the same way that intrusion detection software does – crucially, however, it does so before these have had a chance to access critical systems. Sitting just behind the firewall, HIPS recognizes all the traits of a zero-day attack by understanding the methods used to launch such an attack and blocking them. HIPS requires no patches, no signature updates or rules to work because it identifies the characteristics of the attack behaviour and stops the action taking place. A security guard trained to recognize the faces of wanted criminals is no good if they cannot work out for themselves when a masked man is breaking in.


Data is now the most important commodity that many companies have. This data needs to stay protected from outsiders whilst at the same time continually available to those who it is intended for. Malicious attacks seek to undermine both of these objectives using progressively more advanced hacking techniques. It is up to the corporate world to adapt to this and employ progressive IT security capable of addressing the problems of zero-day hacker attacks. Whilst HIPS may not be a silver bullet, employed in-line with AV software it will catch and destroy any attempt to enter your system propagated by these new attacks - providing the last man standing where signature-based security has failed.