Re: eEye Blink and other Endpoint IPS solutions.

From: Mark Teicher (mht3_at_earthlink.net)
Date: 06/28/05

  • Next message: Billy Dodson: "RE: eEye Blink and other Endpoint IPS solutions."
    Date: Tue, 28 Jun 2005 08:09:05 -0400 (GMT-04:00)
    To: focus-ids@securityfocus.com
    
    

    You are trying to compare apples and oranges. From a base level, each vendor provides their unique feature set to address end point Host Based Intrusion Detection concerns an enterprise or organization may have. Not all cover all available operating systems, some vendors have some coverage beyond the typical Windows operating system platform, some don't at all. Some of the back ends require MS SQL, runtime MS SQL, MySQL and cross your fingers support for Oracle 8.x, 9.x, etc. The question regarding performance for 1Gbs for a small to medium sized business is a bit pointless since an enterprise's/organization's lowest type of network connection may be a remote user using dial-up from a hotel, so therefore being able to detect rogue attacks, viruses, spyware or a former intelligence agency type guy turned rogue "security researcher" is highly unlikely. But every once in a while, you may observe a "pingflood" generated by a targa2.c script or portscan from the "security researcher" using commonly available network tools such as: nmap, nessus, Qualys consultant.
    Assembling a list of what your small to medium sized business end point security concerns are would be a good place to start. Once that work is done, examining the data sheets of the various vendors in the market segment would be the second step, assembling an RFI or RFQ to send to vendors would be a formal step in the process, but nonetheless, let the vendors provide their knowledge to answer your questions based on your security concerns, therefore saving yourself from "scratching your head" or contacting business partners who have a really slick security slide deck/preso to show but don't have the necessary hands-on experience or technical background to assist you with your research.

    /cheers

    /mht

    -----Original Message-----
    From: mashraf@hushmail.com
    Sent: Jun 27, 2005 7:05 AM
    To: focus-ids@securityfocus.com
    Subject: eEye Blink and other Endpoint IPS solutions.

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Hi,

    Is there anyone out there using Host Based Intrusion Detection
    systems like eEye's Blink that would care to comment on their
    performance? What I'd like to know is what kind of impact they have
    on system performance and how their effectiveness compares to NIPS.
    They seem to be far cheaper for small to medium size businesses and
    would seem to avoid the question of whether the IPS can handle
    network traffic greater than 1Gbs. Or am I trying to compare apples
    and oranges?

    Thanks,
    Mina
    -----BEGIN PGP SIGNATURE-----
    Note: This signature can be verified at https://www.hushtools.com/verify
    Version: Hush 2.4

    wkUEARECAAYFAkK/3WcACgkQbCO63n74eTMykQCdHVG9qBTDlM+hTCbpXyaMeYfgCGEA
    mNG0NCAshWhaO/l1k+qYHHq9PqM=
    =c6ai
    -----END PGP SIGNATURE-----


    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------

    "The Truth Lies at the Heart of the Art of Combat. Once it is mastered, Though shall fear no one, though the devil himself may bar thy way...."


