RE: Looking for Host Based IDS
From: cool cash (cool_cash_1999@yahoo.com)
Date: 12/18/01
Date: Tue, 18 Dec 2001 12:16:18 -0800 (PST)
From: cool cash <cool_cash_1999@yahoo.com>
To: "Schroeder, Eric" <Eric.Schroeder@westgroup.com>, 'Guy Fighel' <GuyF@xpert.com>, focus-ids@securityfocus.com
Check out Entercept www.entercept.com. They're not
dependent upon signatures to detect attacks and they
use behavioral rules to interrogate system-level calls
before execution. Entercept is Cisco's HIDS offering.
CASH
--- "Schroeder, Eric" <Eric.Schroeder@westgroup.com>
wrote:
> Guy,
> I just went through this same search. I didn't
> find many HIDS that
> would truly fingerprint the box (running processes,
> open ports, file
> integrity), but I did find one that came close.
> It's called Pentasafe
> (www.pentasafe.com), and it's commercial. Good
> luck.
>
> Eric Schroeder
>
>
> -----Original Message-----
> From: Guy Fighel [mailto:GuyF@xpert.com]
> Sent: Monday, December 17, 2001 9:34 AM
> To: focus-ids@securityfocus.com
> Subject: Looking for Host Based IDS
>
>
> Hello,
>
> Can someone recommend a good Host Based IDS
> that looks for suspicious
> operating system processes?
> I need the ability to write a specific policy for
> specific system processes
> and need the IDS to report any
> modifications.
>
> I would appreciate your help,
>
> Guy.