IDS mailing list archives

Re: eEye Blink and other Endpoint IPS solutions.


From: Mark Teicher <mht3 () earthlink net>
Date: Tue, 28 Jun 2005 08:09:05 -0400 (GMT-04:00)

You are trying to compare apples and oranges.  From a base level, each vendor provides their unique feature set to 
address end point Host Based Intrusion Detection concerns an enterprise or organization may have.  Not all cover all 
available operating systems; some vendors have some coverage beyond the typical Windows operating system platform, some 
don't at all. Some of the back ends require MS SQL, runtime MS SQL, MySQL and cross-your-fingers support for Oracle 
8.x, 9.x, etc.  The question regarding performance for 1Gbs for a small to medium sized business is a bit pointless, 
since an enterprise/organization's lowest type of network connection may be a remote user using dial-up from a hotel, so 
therefore being able to detect rogue attacks, viruses, spyware or a former intelligence agency type guy turned rogue 
"security researcher" is highly unlikely.  But every once in a while, you may observe a "pingflood" generated by a 
targa2.c script or a portscan from the "security researcher" using commonly available network tools such as nmap, 
nessus, or Qualys consultant.  
Assembling a list of what your small to medium sized business end point security concerns are would be a good place to 
start.  Once that work is done, examining the data sheets of the various vendors in the market segment would be the 
second step; assembling an RFI or RFQ to send to vendors would be a formal step in the process, but nonetheless, let the 
vendors provide their knowledge to answer your questions based on your security concerns, therefore saving yourself from 
"scratching your head" or contacting business partners who have a really slick security slide deck/preso to show but 
don't have the necessary hands-on experience or technical background to assist you with your research.

/cheers

/mht

-----Original Message-----
From: mashraf () hushmail com
Sent: Jun 27, 2005 7:05 AM
To: focus-ids () securityfocus com
Subject: eEye Blink and other Endpoint IPS solutions. 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,

Is there anyone out there using Host Based Intrusion Detection
systems like eEye's Blink that would care to comment on their
performance? What I'd like to know is what kind of impact they have
on system performance and how their effectiveness compares to NIPS.
They seem to be far cheaper for small to medium size businesses and
would seem to avoid the question of whether the IPS can handle
network traffic greater than 1Gbs. Or am I trying to compare apples
and oranges?

Thanks,
Mina
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkUEARECAAYFAkK/3WcACgkQbCO63n74eTMykQCdHVG9qBTDlM+hTCbpXyaMeYfgCGEA
mNG0NCAshWhaO/l1k+qYHHq9PqM=
=c6ai
-----END PGP SIGNATURE-----






--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------



"The Truth Lies at the Heart of the Art of Combat.  Once it is mastered, Thou shalt fear no one, though the devil 
himself may bar thy way...."


