RE: Host Based IDS

[Andrew Plato <andrew.plato () anitian com>]

Very good Network IPS. Easy to use. Reliable. Good performance. We do a lot of pen testing and TippingPoints are 
consistenty one of the more difficult IPSs to penetrate.

TP is more oriented toward "set it and forget it." If you are a person who wants an IPS that gives you all the gory 
details and allows you to fiddle with every possible aspect of signatures, then TP probably isn't your choice.  Its 
more oriented toward places that need strong application-layer filtering and detection and do not want to fiddle with 
signatures. 

And yes, my company sells TippingPoint. 

Andrew Plato, CISSP, CISM, QSA
President/Principal Consultant
Anitian Enterprise Security 
 

-----Original Message-----
From: Rafael Dreher [mailto:rafael_dreher () sicredi com br] 
Sent: Tuesday, October 21, 2008 9:32 AM
To: Andrew Plato; 'Security Group'; focus-ids () securityfocus com
Subject: RES: Host Based IDS

Does anyone has an opinion on TippingPoint UnityOne IPS?

I thinks it´s a really good one.

--
Rafael Dreher
Analista de Infra-Estrutura de Segurança Projetos de Infra-estrutura de TI Confederação SICREDI - Porto Alegre
(51) 3358-8363 /(51) 9275-9014
http://www.sicredi.com.br


> -----Mensagem original-----
> De: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> Em nome de Andrew Plato
> Enviada em: terça-feira, 21 de outubro de 2008 13:00
> Para: Security Group; focus-ids () securityfocus com
> Assunto: RE: Host Based IDS
>
> I like IBM-ISS Proventia. It's a very powerful HIPS/HIDS. Hard to beat
> the old BlackICE engine that's inside it. Its still one of the best
> IDS/IPS engines on the market.  The new Proventia Server 2.0 has a very
> rich feature set. And IBM-ISSs integration with their scanner, NIPS and
> ADS via SiteProtector is very powerful. It does have a steep learning
> curve however.
>
> Tripwire, incidentally is not  HIDS/HIPS. It is a file integrity
> monitoring product. Useful, but IBM Proventia has that plus a whole lot
> more.
>
> Andrew Plato, CISSP, CISM, QSA
> President/Principal Consultant
> Anitian Enterprise Security
>
>
> -----Original Message-----
> From: listbounce () securityfocus com
> [mailto:listbounce () securityfocus com]
> On Behalf Of Security Group
> Sent: Monday, October 20, 2008 5:13 AM
> To: focus-ids () securityfocus com
> Subject: Host Based IDS
>
> Hello,
>
> I am currently evaluating several host-based Intrusion Detection
> Systems
> to monitor servers in a DMZ. My company only wants to monitor for
> suspecious behaviour on critical servers, without the need for a
> company
> wide security system. I am not interested in a network-bases ids
> because
> this is already covered by our company.
> The list below contains my findings so far;
>
> OSSEC
> Open Source Tripwire
> SAMHAIN
> OSIRIS
> AIDE
> Third Brigade Deep Security
> Symantec Critical System Protection
> IBM Proventia
> Enterasys Dragon IDS/IPS
> McAfee Total Protection for Endpoint
> CA Host-Based Intrusion Prevention System r8 GFiEventsManager Cisco
> Security Agent
>
> I am thinking of suggesting OSSEC. Does anyone have any other
> suggestions?
>
> Thanks in advance.
>
> _________________________________________________
> NOTICE:
> This email may contain confidential information,
> and is for the sole use of the intended recipient.
> If you are not the intended recipient, please reply
> to the message and inform the sender of the error
> and delete the email and any attachments from
> your computer.
> _________________________________________________
>
>
>
> -----------------------------------------------------------------------
> -
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to
> http://www.coresecurity.com/index.php5?module=Form&action=impact&campai
> gn=intro_sfw
> to learn more.
> -----------------------------------------------------------------------
> -



As informacoes contidas neste e-mail e anexos podem ser confidenciais e privilegiadas, protegidas por sigilo legal. 
Qualquer forma de utilizacao deste documento depende de autorizacao do emissor, sujeito as penalidades cabiveis. O 
emissor utiliza o recurso somente para fins profissionais, eximindo o empregador de responsabilidades por uso pessoal 
ou improprio. Se esta mensagem foi recebida por engano, o conteudo deve ser apagado e o remetente avisado 
imediatamente, atraves de resposta a este e-mail.

_________________________________________________
NOTICE:
This email may contain confidential information, 
and is for the sole use of the intended recipient.  
If you are not the intended recipient, please reply 
to the message and inform the sender of the error 
and delete the email and any attachments from 
your computer. 
_________________________________________________



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------