Network Security Focus-IDS

Re: eEye Blink and other Endpoint IPS solutions.

Subject: Re: eEye Blink and other Endpoint IPS solutions.
Date: Tue, 28 Jun 2005 08:09:05 -0400 (GMT-04:00)
You are trying to compare apples and oranges.  From a base level, each vendor 
provides their unique feature set to address end point Host Based Intrusion 
Detection concerns an enterprise or organization may have.  Not all cover all 
available operating systems, some vendors have some coverage beyond the typical 
Windows operating system platform, some don't at all. Some of the back ends 
require MS SQL, runtime MS SQL, MySQL and cross your fingers support for Oracle 
8.x, 9.x, etc.  The question regarding performance for 1Gbs for a small to 
medium sized business is a bit pointless since an enterprise/organization 
lowest type of network connection may be a remote user using dial-up from a 
hotel, so therefore being able to detect rogue attacks, viruses, spyware or a 
former intelligence agency type guy turned rogue "security researcher" is 
highly unlikely.  But every once in a while, you may observe a "pingflood" 
generated by a targa2.c script or portscan from the "security researcher" using 
commonly available network tools such as: nmap, nessus, Qualys consultant.  
Assembling a list of what your small to medium sized business end point 
security concerns would be a good place to start.  Once that work is done, 
examining the data sheets of the various vendors in the market segment would be 
the second step, assembling a RFI or RFQ to send to vendors would be a formal step 
in the process, but nonetheless, let the vendors provide their knowledge to 
answer your questions based on your security concerns therefore saving yourself 
from "scratching your head" or contacting business partners who have a really 
slick security slide deck/preso to show but don't have the necessary hands-on 
experience or technical background to assist you with your research.

/cheers

/mht

-----Original Message-----
From: mashraf@hushmail.com
Sent: Jun 27, 2005 7:05 AM
To: focus-ids@securityfocus.com
Subject: eEye Blink and other Endpoint IPS solutions. 


Hi,

Is there anyone out there using Host Based Intrusion Detection
systems like eEye's Blink that would care to comment on their
performance? What I'd like to know is what kind of impact they have
on system performance and how their effectiveness compares to NIPS.
They seem to be far cheaper for small to medium size businesses and
would seem to avoid the question of whether the IPS can handle
network traffic greater than 1Gbs. Or am I trying to compare apples
and oranges?

Thanks,
Mina
"The Truth Lies at the Heart of the Art of Combat.  Once it is mastered, Though 
shall fear no one, though the devil himself may bar thy way...."
