Re: Host IPS -vs- Network IPS? Do we need both?



Hello,

It all comes down to perimeters and risk. Do you have remote or
traveling workers? If so, they will often be outside the protection
provided by your enterprise NIPS and HIPS would be better. So if you
have to choose then look at your environment and select the most
secure, least cost/overhead option.

As for alternatives such as file integrety checkers and AV... nothing
gets it all and each addition is an improvement. You must wiegh the
cost in purchase, support and performance against the benefit gained
and the workforces willingnes to "put up with" any performance hits.
Typically file integrety checkers can only be used with specific
system files and will not prevent or detect viruses that do not target
those files (providing a false sence of secuirty). AV, even regularly
updated, will not catch everything and all variants but your best bet
is one that is, or includes, heuristic detection to improve the chance
of it catching hostile code that it does not have specific definitions
for.

Hope this helps.

Adeel

On Wed, Dec 3, 2008 at 11:48 AM, <lister@xxxxxxxxx> wrote:
Some IPS vendors do not offer a Host IPS solution

Is there really a need for Host IPS if you already have Network IPS covering
the same network area? What about if you already have other solutions on the
host (ie. file integrity)?

The overhead associated with Host IPS is very high (manage agent installs,
kernel module conflicts, etc). Just curious if Host IDS is worth it if
the same coverage is provided with a Network IDS.




Relevant Pages

  • Host IPS -vs- Network IPS? Do we need both?
    ... Some IPS vendors do not offer a Host IPS solution ... Is there really a need for Host IPS if you already have Network IPS covering ... Just curious if Host IDS is worth it if ...
    (Security-Basics)
  • Re: Host IPS -vs- Network IPS? Do we need both?
    ... I'm not surprised at all that vendors may offer one or the other; HIPS and NIPS are two very different products. ... Do HIPS and NIPS overlap? ... And that is only assuming all your hosts stay on your network. ... Is there really a need for Host IPS if you already have Network IPS covering ...
    (Security-Basics)
  • Re: Categories of IDS
    ... BISYS Network Security Group ... I really need to update the categories of IDS on my website. ... Long overdue Host IPS - Has anyone got a list that I can use for starters ...
    (Focus-IDS)