Re: Host-Based Intrusion Detection/Prevention. Which will you select? (Requirements within)

[Mark Teicher <mht3 () earthlink net>]

Depends on how much one is invested in research and evaluating the 
various product that will suit the requirements.

At 04:20 AM 7/15/2005, mark12_30 () hotmail com wrote:
> Hello,
>
> I'm interested in the general feel from people about what should be 
> used in the following scenario:
>
> - Large corporation (4000+ servers)
> - Looking for Host-Based IDS/IPS for key servers
> - Established 24x7 monitoring team
> - Solution has to pick up common exploits (Buffer Overruns & API calls etc)
> - Has large, established network IDS
> - Only deploying on windows win2k & 2003 servers (web, email, app, db etc)
> - Conservative windows server management group
> - Implementing point solution SIEM (eg arcsight etc)
>
> Given the above situation, what would you recomment?  I understand 
> from a lot of research that HIPS is gathering momentum.  Any 
> thoughts would be great, esp suggestions on products
>
> Thank you
>
> --------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> --------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------