IDS mailing list archives

Host-Based Intrusion Detection/Prevention. Which will you select? (Requirements within)


From: mark12_30 () hotmail com
Date: 15 Jul 2005 08:20:21 -0000

Hello,

I'm interested in the general feel from people about what should be used in the following scenario:

- Large corporation (4000+ servers)
- Looking for Host-Based IDS/IPS for key servers
- Established 24x7 monitoring team
- Solution has to pick up common exploits (Buffer Overruns & API calls etc)
- Has large, established network IDS
- Only deploying on Windows win2k & 2003 servers (web, email, app, db etc)
- Conservative Windows server management group
- Implementing point solution SIEM (eg arcsight etc)

Given the above situation, what would you recommend?  I understand from a lot of research that HIPS is gathering momentum.  Any thoughts would be great, esp. suggestions on products.

Thank you
