IDS mailing list archives

RE: Host Based IDS

From: Andrew Plato <andrew.plato () anitian com>
Date: Tue, 21 Oct 2008 08:00:03 -0700

I like IBM-ISS Proventia. It's a very powerful HIPS/HIDS. Hard to beat
the old BlackICE engine that's inside it. Its still one of the best
IDS/IPS engines on the market.  The new Proventia Server 2.0 has a very
rich feature set. And IBM-ISSs integration with their scanner, NIPS and
ADS via SiteProtector is very powerful. It does have a steep learning
curve however. 

Tripwire, incidentally is not  HIDS/HIPS. It is a file integrity
monitoring product. Useful, but IBM Proventia has that plus a whole lot
more. 

Andrew Plato, CISSP, CISM, QSA
President/Principal Consultant
Anitian Enterprise Security 
 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Security Group
Sent: Monday, October 20, 2008 5:13 AM
To: focus-ids () securityfocus com
Subject: Host Based IDS

Hello,

I am currently evaluating several host-based Intrusion Detection Systems
to monitor servers in a DMZ. My company only wants to monitor for
suspecious behaviour on critical servers, without the need for a company
wide security system. I am not interested in a network-bases ids because
this is already covered by our company.
The list below contains my findings so far;

OSSEC
Open Source Tripwire
SAMHAIN
OSIRIS
AIDE
Third Brigade Deep Security
Symantec Critical System Protection
IBM Proventia
Enterasys Dragon IDS/IPS
McAfee Total Protection for Endpoint
CA Host-Based Intrusion Prevention System r8 GFiEventsManager Cisco
Security Agent

I am thinking of suggesting OSSEC. Does anyone have any other
suggestions?

Thanks in advance.

_________________________________________________
NOTICE:
This email may contain confidential information, 
and is for the sole use of the intended recipient.  
If you are not the intended recipient, please reply 
to the message and inform the sender of the error 
and delete the email and any attachments from 
your computer. 
_________________________________________________



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------

Current thread:

Host Based IDS Security Group (Oct 20)
- Re: Host Based IDS Stefano Zanero (Oct 20)
  - Re: Host Based IDS Brad Lhotsky (Oct 21)
  - RE: Host Based IDS Kirk, James P. (Oct 21)
  - Message not available
    - Re: Host Based IDS Stefano Zanero (Oct 21)
  - Re: Host Based IDS jeffrey . stebelton (Oct 21)
    - Re: Host Based IDS JiPi DiNi (Oct 22)
- Re: Host Based IDS Dharmendra T (Oct 21)
- Re: Host Based IDS Erik Harrison (Oct 21)
  - Re: Host Based IDS belka (Oct 21)
- RE: Host Based IDS Andrew Plato (Oct 21)
  - RES: Host Based IDS Rafael Dreher (Oct 21)
    - RE: Host Based IDS Andrew Plato (Oct 22)
    - RE: Host Based IDS Leandro Venturini (Oct 24)
    - Re: Host Based IDS ॐ aditya mukadam ॐ (Oct 27)