IDS mailing list archives
RE: eEye Blink and other Endpoint IPS solutions.
From: "Steve Figures" <steve.figures () surefile co uk>
Date: Fri, 1 Jul 2005 05:30:44 +0100
There is also an HIPS called FortiClient from Fortigate, which I find to be pretty good.

Have a look at http://www.fortinet.com/news/pr/2004/pr033104.html & there should be other links to product information......

Regards,
Steve

-----Original Message-----
From: Palmer, Paul (ISSAtlanta) [mailto:PPalmer () iss net]
Sent: 30 June 2005 23:25
To: mashraf () hushmail com; focus-ids () securityfocus com
Subject: RE: eEye Blink and other Endpoint IPS solutions.

Mina writes:

"On the plus side it makes evaluating the options much easier when there seem to be only Cisco and eEye in the marketplace :)"

ISS also provides HIPS products. I work for ISS, so I have a high opinion of our products. If I recall correctly, McAfee also sells a HIPS product.

-----Original Message-----
From: mashraf () hushmail com [mailto:mashraf () hushmail com]
Sent: Thursday, June 30, 2005 7:27 AM
To: focus-ids () securityfocus com
Subject: RE: eEye Blink and other Endpoint IPS solutions.

Hi,

Just wanted to say thanks for all your replies, here and emailed! There were some valuable comments and suggestions, especially considering I gave so little information in my original questions.

I've been working with IDS for a few years now and it has been problematic and ultimately judged unsuccessful by any currently meaningful criteria. Business requirements have changed so much in the last 3 or 4 years that what was once intended as a perimeter monitoring tool has ended up being judged on its ability to detect internal intrusions. This meant deploying unmanageable numbers of Snort sensors, being completely overwhelmed by the false alerts and spending countless hours fine tuning signatures on a server by server basis. I know many of you must have had similar problems.

I'd love to have a NIP appliance that could protect the entire server subnet but with 50 or more MS servers each connected by dual gigabit ethernet to switches with a notional backplane throughput of 64Gbs I think I may be being a bit optimistic!

I've yet to find a NIPS that even claims to be able to exceed 5Gbs so I think that my only real option is something host based and maybe a couple of perimeter NIP devices for DDoS protection if I decide the risk warrants the cost.

I can't imagine that our requirements are so very different from other much larger organisations so it is strange that so many IPS companies seem hung up on perimeter defence while the rest of the security industry has changed.

On the plus side it makes evaluating the options much easier when there seem to be only Cisco and eEye in the marketplace :)

Thanks,
Mina