ThreatSentry 3.0 is a Host Intrusion Prevention System (HIPS) specifically designed to address internal and external unauthorized system access and cyber-criminal threats on Web servers utilizing Microsoft Internet Information Services (IIS). Since its introduction, IIS has grown in popularity and ranks as one of the most widely used platforms for enabling simple to sophisticated Web sites and Web-based applications. While it is well-regarded for its ease of use and range of features, it is frequently targeted by hackers due to a variety of IIS-related vulnerabilities and the inherently open nature of many Web applications – many of which manage sensitive information such as credit card numbers, passwords, or other private information.
An ISAPI filter hosted in MMC, ThreatSentry comprises an application firewall and a behavior anomaly detection engine. Server requests are filtered against a knowledgebase of known attack signatures, untrusted IPs and other attack characteristics, and against an evolving system baseline, to detect any untrusted activity and prevent new or known attacks that target IIS vulnerabilities or open access points.
ThreatSentry supports single or multiple server environments and provides protection from an array of documented exploitive techniques, including Directory Traversal, Cross-Site Scripting, Parameter Manipulation, Buffer Overflow, Denial of Service, SQL Injection, Parser Evasion, High-bit Shellcode, Printer Protocol, and Remote Data Services. It also stops any unusual activity falling outside acceptable patterns of use.