Although the networks intrusion detection sensor (NIDS) provides network-based intrusion detection and prevention, Cisco Security Agent (CSAgent) provides threat protection for servers and desktops with a combination of multiple security features such as host intrusion prevention, distributed firewall, malicious mobile code protection, operating system integrity assurance, and audit log consolidation. Unlike traditional personal firewalls, which are based on policy, and host IDS, which is based on signatures, CSA Agent is not limited to protecting the end host from existing attacks based on a knowledgebase. Instead, with sophisticated algorithms built into the software, CSA Agent protects the end hosts from many sophisticated new attacks such as Code Red, SQL Slammer, etc., without prior knowledge about the attack. CSA Agent identifies and prevents malicious behavior before it can occur, and removes potential known and unknown ("Day Zero") security risks that threaten enterprise networks and applications. This chapter examines the details of the CSA Agent and CSA MC.