I like IBM-ISS Proventia. It's a very powerful HIPS/HIDS. Hard to beat the old BlackICE engine that's inside it. Its still one of the best IDS/IPS engines on the market. The new Proventia Server 2.0 has a very rich feature set. And IBM-ISSs integration with their scanner, NIPS and ADS via SiteProtector is very powerful. It does have a steep learning curve however.
Tripwire, incidentally is not HIDS/HIPS. It is a file integrity monitoring product. Useful, but IBM Proventia has that plus a whole lot more. Andrew Plato, CISSP, CISM, QSA President/Principal Consultant Anitian Enterprise Security -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Security Group Sent: Monday, October 20, 2008 5:13 AM To: [email protected] Subject: Host Based IDS Hello, I am currently evaluating several host-based Intrusion Detection Systems to monitor servers in a DMZ. My company only wants to monitor for suspecious behaviour on critical servers, without the need for a company wide security system. I am not interested in a network-bases ids because this is already covered by our company. The list below contains my findings so far; OSSEC Open Source Tripwire SAMHAIN OSIRIS AIDE Third Brigade Deep Security Symantec Critical System Protection IBM Proventia Enterasys Dragon IDS/IPS McAfee Total Protection for Endpoint CA Host-Based Intrusion Prevention System r8 GFiEventsManager Cisco Security Agent I am thinking of suggesting OSSEC. Does anyone have any other suggestions? Thanks in advance. _________________________________________________ NOTICE: This email may contain confidential information, and is for the sole use of the intended recipient. If you are not the intended recipient, please reply to the message and inform the sender of the error and delete the email and any attachments from your computer. _________________________________________________ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
