Re: Looking for Host Based IDS
From: Greg Shipley (gshipley@neohapsis.com)
Date: 12/17/01
- Previous message: Guy Fighel: "Looking for Host Based IDS"
- In reply to: Guy Fighel: "Looking for Host Based IDS"
- Next in thread: George Milliken: "RE: Looking for Host Based IDS"
- Reply: George Milliken: "RE: Looking for Host Based IDS"
Date: Mon, 17 Dec 2001 11:01:54 -0600 (CST)
From: Greg Shipley <gshipley@neohapsis.com>
To: Guy Fighel <GuyF@xpert.com>
On Mon, 17 Dec 2001, Guy Fighel wrote:
> Can someone recommend a good Host Based IDS that looks for
> suspicious operating system processes? I need the ability to write a
> specific policy for specific system processes and need the IDS
> to report any modifications.
While I wouldn't classify it as an IDS, Okena's "Storm Watch" product
gives you the ability to monitor system calls and alert/block actions that
go outside the process' "profile." It does not look for rogue processes,
but you can create policies that watch all existing processes. It's a
cool concept, although I think it's only available on NT/2000 right now.
You might want to check it out, depending on what you are trying to do.
-Greg