Educause Security Discussion mailing list archives
Re: HIPS
From: "Raymond, Jessica" <Jessica.Raymond () UNCO EDU>
Date: Fri, 11 Sep 2009 13:42:48 -0600
I previously worked for one of the top managed security providers in the country, and I can tell you that from supporting HIPS and NIPS as well as WIDS that the NIDS are the most effective. HIPS and NIPS just detect very different sorts of attacks. I would say your money is best spent on NIDS/NIPS.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of King, Ronald A.
Sent: Friday, September 11, 2009 12:59 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] HIPS

We use Sophos as our endpoint protection solution. We learned the hard way that HIPS is a valuable addition to protecting the hosts when set to something other than "alert only." Just be prepared to monitor what it blocks/breaks so it can be "authorized." So far, only a few hosts have had anything legit blocked.

Ronald King
Security Engineer
Norfolk State University
Marie V. McDemmond Center for Applied Research
Suite 401
700 Park Ave.
Norfolk, Virginia 23504
Phone: 757-823-3918
Fax: 757-823-2128
Email: raking () nsu edu
http://security.nsu.edu

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steve Brukbacher
Sent: Friday, September 11, 2009 2:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] HIPS

We have McAfee available to us now....

--
Steve Brukbacher
University of Wisconsin Milwaukee
Information Security Architect
UWM Computer Security Web Site
www.security.uwm.edu
Phone: 414.229.2224
Main Office: 414.229.1100

----- Original Message -----
From: "Jessica Raymond" <Jessica.Raymond () UNCO EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Friday, September 11, 2009 1:28:46 PM GMT -06:00 US/Canada Central
Subject: Re: [SECURITY] HIPS

What technology are you using?

Jessica L. Raymond, CISSP
IT Security Analyst
Carter Hall Office 0009-b
(970)351-1420 Office
(970)213-8928 Work Mobile

----- Original Message -----
From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Fri Sep 11 12:25:42 2009
Subject: [SECURITY] HIPS

Anyone finding HIPS truly useful in helping reduce malware infections? Any tips/strategies? Things to watch out for? How are you managing false positives?

--
Steve Brukbacher, CISSP
University of Wisconsin Milwaukee
Information Security Architect
UWM Computer Security Web Site
www.security.uwm.edu
Phone: 414.229.2224