how many servers, os variations, what kind of changes are you looking to detect? basic file changes are easy, it's the rest of it that's complicated and functionality will vary. past that, reporting will be important to the managers, execs and if you have a lot of other things to manage - to you as well.
what exactly do you want to show them, will you need to back up any other responses with relevant data from your org? any other compliance or security initiatives in the company that you could support with the package or product? On Mon, Oct 20, 2008 at 8:12 AM, Security Group <[EMAIL PROTECTED]> wrote: > Hello, > > I am currently evaluating several host-based Intrusion Detection > Systems to monitor servers in a DMZ. My company only wants to monitor > for suspecious behaviour on critical servers, without the need for a > company wide security system. I am not interested in a network-bases > ids because this is already covered by our company. > The list below contains my findings so far; > > OSSEC > Open Source Tripwire > SAMHAIN > OSIRIS > AIDE > Third Brigade Deep Security > Symantec Critical System Protection > IBM Proventia > Enterasys Dragon IDS/IPS > McAfee Total Protection for Endpoint > CA Host-Based Intrusion Prevention System r8 > GFiEventsManager > Cisco Security Agent > > I am thinking of suggesting OSSEC. Does anyone have any other suggestions? > > Thanks in advance. > > Kind regards, > > Babel Timon > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to > http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw > to learn more. > ------------------------------------------------------------------------ > > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
