Computerworld - Host-based IDSs tend to rely on signatures—the code-string fingerprints of a known attack—to trigger alerts. The trouble is, hackers create new attacks every day. If they attack an organization using a technique that's not in the database of the IDS, the company is vulnerable. In response, vendors are offering products that look for suspicious activity and proactively block those potential attacks. Here's a sampling of offerings:
Recourse Technologies Inc.
Redwood City, Calif.
(www.recourse.com)
Recourse Technologies Inc. offers ManHunt, which performs the duties of a traditional IDS and uses an approach similar to Entercept's to identify new attacks.
The drawback: Some legitimate activities in an organization may trip these systems. The staff will then need to define exceptions. Otherwise, the organization could wind up suffering too many false positives.
"These things are good for big hosting facilities, telcos and maybe financial [services firms]," says Hurwitz Group analyst Peter Lindstrom, because security is so vital to such organizations and attacks are so common.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
