Efficacy of UNIX HIDS

Efficacy of UNIX HIDS (PDF, 3.28MB)
Published: 15 May, 2020
Created by
Janusz Pazgier

There has been an increase in UNIX-based adversarial activity as enterprises and users shift towards the platform (WatchGuard, 2017). This paper evaluates the effectiveness of three separately installed host-based intrusion detection systems (HIDS), OSSEC, Samhain, and Auditd, and their ability to detect specific MITRE ATT&CK tactics. Custom scripts implement the ATT&CK tactics of privilege escalation, persistence, and data exfiltration, and each HIDS is assessed on whether it detects them. The goal is to inform security professionals about the pros and cons of implementing each of these HIDS.