Educause Security Discussion mailing list archives

Re: HIPS


From: "Raymond, Jessica" <Jessica.Raymond () UNCO EDU>
Date: Fri, 11 Sep 2009 13:42:48 -0600

I previously worked for one of the top managed security providers in the
country, and I can tell you from supporting HIPS and NIPS as well as WIDS
that the NIDS are the most effective.  HIPS and NIPS just detect very
different sorts of attacks.  I would say your money is best spent on NIDS/NIPS.



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of King, Ronald A.
Sent: Friday, September 11, 2009 12:59 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] HIPS

We use Sophos as our endpoint protection solution.  We learned the hard way 
that HIPS is a valuable addition to protecting the hosts when set to something 
other than "alert only."  Just be prepared to monitor what it blocks/breaks so 
it can be "authorized."  So far, only a few hosts have had anything legit 
blocked.

Ronald King
Security Engineer
Norfolk State University
Marie V. McDemmond Center for Applied Research
Suite 401
700 Park Ave.
Norfolk, Virginia  23504
Phone:  757-823-3918
Fax: 757-823-2128
Email: raking () nsu edu
http://security.nsu.edu


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv 
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Steve Brukbacher
Sent: Friday, September 11, 2009 2:42 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] HIPS

We have McAfee available to us now....

-- 
Steve Brukbacher
University of Wisconsin Milwaukee
Information Security Architect
UWM Computer Security Web Site
www.security.uwm.edu
Phone: 414.229.2224
Main Office: 414.229.1100


----- Original Message -----
From: "Jessica Raymond" <Jessica.Raymond () UNCO EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Friday, September 11, 2009 1:28:46 PM GMT -06:00 US/Canada Central
Subject: Re: [SECURITY] HIPS

What technology are you using?

Jessica L. Raymond, CISSP
IT Security Analyst
Carter Hall
Office 0009-b
(970)351-1420 Office
(970)213-8928 Work Mobile

----- Original Message -----
From: The EDUCAUSE Security Constituent Group Listserv 
<SECURITY () LISTSERV EDUCAUSE EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Fri Sep 11 12:25:42 2009
Subject: [SECURITY] HIPS

Anyone finding HIPS truly useful in helping reduce malware infections?
Any tips/strategies?  Things to watch out for?  How are you managing
false positives?

-- 
Steve Brukbacher, CISSP
University of Wisconsin Milwaukee
Information Security Architect
UWM Computer Security Web Site
www.security.uwm.edu
Phone: 414.229.2224
