This technology works by detecting OS system call anomalies. Experts use them in addition to the typical signature-based virus/malware detection and firewall rulesets.
Some AV/Firewalls offer this feature, some are stand alone:
Bit9 - Parity - Audits and monitoring
CA - Host-based Intrusion Prevention System - Firewall and behavior-based detection
Check Point - Endpoint Security - Behavioral and heuristic malware detection, firewall, optional Kaspersky signature protection
Cisco - Cisco Security Agent (CSA) - Behavior-based detection for client, server, and embedded platforms, optional ClamAV signature detection
eEye Digital - Blink - various non-signature detection apps, firewall
F-Secure - Client Security - DeepGuard behavior monitoring, heuristics and sandboxing. Also AV and firewall
IBM ISS - Proventia Server Intrusion Prevention System, Proventia Desktop Security - various non-signature-based systems, firewall, and signature-based detection with BitDefender
LANDesk - Host Intrusion Prevention System - whitelist and behavior analysis
Lumension Security - Sanctuary Application Control - Policy-based endpoint application control
McAfee - Host Intrusion Prevention - behavior- and signature-based IPS rules, firewall, and application control
Sana Security - PrimaryResponse, SafeConnect - Behavioral analysis attack detection
Sophos - Endpoint Security and Control - behavior-based plus signature-based system
Symantec - Endpoint Protection - Network and application behavior analysis, firewall and application control
Third Brigade - Deep Security - behavioral analysis for traffic control and application control, policy enforcement
Trend Micro - OfficeScan Client/Server Edition - uses Third Brigade to complement signature-based detection, firewall
I suggest using one security application rather than the overkill of running several firewalls and AVPs. I might shut down one security application and run another to see if one picks up what the other did not.
You should know what kind of system your firewall or AVP uses: is it signature-based (which can be outdated), or is it just behavior-based (which could be fooled by hiding in normal traffic patterns)?
This will be added to the weblinks page soon!
DNR
HIPS - Host-based Intrusion Prevention Systems
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.
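As an added illustration of the "system call anomalies" idea in the first post, and of its caveat that behavior-based detection can be fooled by activity that follows normal patterns, here is a constructed toy profiler in Python. It is not code from any product listed above; the syscall traces, the 3-gram window and the 0.2 threshold are all assumptions made for the example.

```python
"""Toy behavior-based HIPS: learns the system-call n-grams a process emits while
behaving normally, then flags traces that contain n-grams never seen. All traces
are constructed for this added example."""
from collections import Counter

N = 3  # length of the syscall n-gram window
# Constructed baseline: syscall names recorded from a web server handling
# ordinary requests (the second trace is a keep-alive session with two requests).
BASELINE_TRACES = [
    ["accept", "read", "stat", "open", "read", "write", "close"],
    ["accept", "read", "stat", "open", "read", "write", "close",
     "read", "stat", "open", "read", "write", "close"],
    ["accept", "read", "write", "close"],
    ["accept", "read", "stat", "write", "close"],
]

def ngrams(trace, n=N):
    return [tuple(trace[i:i + n]) for i in range(len(trace) - n + 1)]

def build_profile(traces, n=N):
    """Count every syscall n-gram observed during the training window."""
    profile = Counter()
    for trace in traces:
        profile.update(ngrams(trace, n))
    return profile

def score(trace, profile, n=N):
    """Fraction of the trace's n-grams absent from the profile (0.0 = all seen)."""
    grams = ngrams(trace, n)
    if not grams:
        return 0.0
    return sum(1 for g in grams if g not in profile) / len(grams)

def classify(trace, profile, threshold=0.2):
    return "anomalous" if score(trace, profile) > threshold else "normal"

PROFILE = build_profile(BASELINE_TRACES)
# Constructed trace: a compromised worker forks a shell and opens a listener.
# Not one of its n-grams is in the profile, so it scores 1.0.
ATTACK_TRACE = ["accept", "read", "fork", "execve", "socket", "bind", "listen"]

# Constructed trace that repeats the normal request pattern: the monitor sees only
# syscall names, not which files were opened, so it scores 0.0 even if every
# "open" targeted a sensitive file. That is the blind spot behind the poster's
# caveat about hiding in normal patterns, and why signature checks still matter.
LOOKALIKE_TRACE = ["accept"] + ["read", "stat", "open", "read", "write", "close"] * 4

if __name__ == "__main__":
    for name, trace in (("attack", ATTACK_TRACE), ("lookalike", LOOKALIKE_TRACE)):
        print(f"{name}: score={score(trace, PROFILE):.2f} -> {classify(trace, PROFILE)}")
```

A real HIPS also profiles syscall arguments (paths, sockets) and pairs the profile with signatures or whitelists, which is the combination the post recommends.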
- Big-E
You did not list anything open source?
Check out OSSEC (http://ossec.net) - it's open source and highly configurable, was recently acquired by Third Brigade, but still free.
Huh! Thanks for the tip, yeah, AVP companies get bought out so often you forget who used to be who... (so this is good for cats worm project)
DNR