Host-based Intrusion Prevention System (HIPS)
Definition
A Host-based Intrusion Prevention System is security software on an endpoint that can detect and actively block malicious or policy-violating activity. It goes beyond alerting by preventing actions such as exploit behavior, unauthorized changes, or suspicious process activity on the host.
Examples
- A HIPS blocks an application from injecting code into another process, preventing a common malware technique.
- A server HIPS stops an unauthorized service from being installed and alerts the SOC.
Discover 🔎
Detection tells you something bad might be happening. Prevention tries to stop it in the moment. A Host-based Intrusion Prevention System sits on the endpoint and enforces rules about what is allowed to run and what kinds of behavior are permitted. It is especially useful because many attacks play out on the host itself, using processes, memory, and configuration changes that network tools may not clearly see.