Does anyone have an opinion on TippingPoint UnityOne IPS? I think it's a really good one.
--
Rafael Dreher
Security Infrastructure Analyst
IT Infrastructure Projects
Confederação SICREDI - Porto Alegre
(51) 3358-8363 / (51) 9275-9014
http://www.sicredi.com.br

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On behalf of Andrew Plato
> Sent: Tuesday, October 21, 2008 13:00
> To: Security Group; [email protected]
> Subject: RE: Host Based IDS
>
> I like IBM-ISS Proventia. It's a very powerful HIPS/HIDS. Hard to beat
> the old BlackICE engine that's inside it. It's still one of the best
> IDS/IPS engines on the market. The new Proventia Server 2.0 has a very
> rich feature set. And IBM-ISS's integration with their scanner, NIPS and
> ADS via SiteProtector is very powerful. It does have a steep learning
> curve however.
>
> Tripwire, incidentally, is not HIDS/HIPS. It is a file integrity
> monitoring product. Useful, but IBM Proventia has that plus a whole lot
> more.
>
> Andrew Plato, CISSP, CISM, QSA
> President/Principal Consultant
> Anitian Enterprise Security
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Security Group
> Sent: Monday, October 20, 2008 5:13 AM
> To: [email protected]
> Subject: Host Based IDS
>
> Hello,
>
> I am currently evaluating several host-based Intrusion Detection Systems
> to monitor servers in a DMZ. My company only wants to monitor for
> suspicious behaviour on critical servers, without the need for a company
> wide security system. I am not interested in a network-based IDS because
> this is already covered by our company.
> The list below contains my findings so far:
>
> OSSEC
> Open Source Tripwire
> SAMHAIN
> OSIRIS
> AIDE
> Third Brigade Deep Security
> Symantec Critical System Protection
> IBM Proventia
> Enterasys Dragon IDS/IPS
> McAfee Total Protection for Endpoint
> CA Host-Based Intrusion Prevention System r8
> GFI EventsManager
> Cisco Security Agent
>
> I am thinking of suggesting OSSEC.
> Does anyone have any other suggestions?
>
> Thanks in advance.
