Host Based IPS


Trekk
August 16th, 2005, 12:13 PM
Hello!

I am a Security Analyst for a 10k+ user network. Currently I have been tasked with finding a suitable host-based IPS solution. I've looked at several, including McAfee's IntruShield, but am looking for some solid advice from anyone who may have any ideas.

Thanks!

Trekk

dog
August 16th, 2005, 01:07 PM
Hi Trekk, :)

Welcome to Wilders'

I've moved your post to the other anti-malware forum, which includes HIPS protection; it will receive better attention in this forum.

Best Wishes with the Quest of the Right Solution.

Regards;

Steve

Trekk
August 16th, 2005, 01:18 PM
Thank You Steve! I'm new here and was not quite sure where to put it :)


Trekk

Paranoid2000
August 16th, 2005, 02:02 PM
10K+ users means you are looking for a product that includes centralised installation, configuration and reporting which rules out almost all of the products normally discussed here (which are aimed at individual users). The only likely candidate would be Tiny Firewall (http://www.tinysoftware.com/home/tiny2?la=EN) (which includes process, registry and file access control) which can be controlled from a central location using their Host Security Server (http://www.tinysoftware.com/home/tiny2?pg=content05&an=mhss_intro) product.

However Tiny is something that can take a while to set up - creating a company/enterprise-wide configuration doubly so. In addition Tiny themselves have been recently acquired (http://www.tinysoftware.com/home/tiny2?pg=content05&an=news_caacq) by Computer Associates which always adds an element of doubt in terms of product support.

As an alternative, you may wish to check out malware scanners designed for enterprise use like BOClean (http://www.nsclean.com/). This would involve far less configuration work and can be set up to run invisibly from users.

BlueZannetti
August 16th, 2005, 02:13 PM
Quote: "I am a Security Analyst for a 10k+ user network. Currently I have been tasked with finding a suitable host-based IPS solution. I've looked at several, including McAfee's IntruShield, but am looking for some solid advice from anyone who may have any ideas."

I'd recommend taking a peek at Safe'n'Sec (http://www.star-force.com/computer_security/). They do have a business package with centralized management. The one thing about most of these packages right now is that they're geared for standalone workstations; this product is at least tackling centralized deployment and management. I run it at home on multiple PCs; it's very stable on my systems thus far.

Blue

Paranoid2000
August 16th, 2005, 02:34 PM
eEye's Blink (http://www.eeye.com/html/products/blink/images/index.html) is another option that appears to target business users (although in this case, by charging too high a price for home users...).

Trekk
August 16th, 2005, 02:35 PM
Thank you for the info, I will look into these and see if they will work.


Trekk