Host-based IDSs tend to rely on signatures—the code-string fingerprints of a known attack—to trigger alerts. The trouble is, hackers create new attacks every day. If they attack an organization using a technique that's not in the database of the IDS, the company is vulnerable. In response, vendors are offering products that look for suspicious activity and proactively block those potential attacks. Here's a sampling of offerings:
Entercept Security Technologies
San Jose
Entercept Security Technologies' Entercept 2.0 consists of a software agent that resides near the host's operating system kernel. It monitors system calls before they reach the kernel, uses a rules engine to identify potentially suspicious activity and then either halts the activity or notifies the administrator.
Recourse Technologies Inc.
Redwood City, Calif.
Recourse Technologies Inc. offers ManHunt, which performs the duties of a traditional IDS and uses an approach similar to Entercept's to identify new attacks.
The drawback: Some legitimate activities in an organization may trip these systems. The staff will then need to define exceptions. Otherwise, the organization could wind up suffering too many false positives.
"These things are good for big hosting facilities, telcos and maybe financial [services firms]," says Hurwitz Group analyst Peter Lindstrom, because security is so vital to such organizations and attacks are so common.
Security Risk and Reward
Stories in this report:
- Want to Save Some Money? Automate Password Resets
- Knowldge Quest
- Companies Need Security Pros With More Varied Skills
- Finding Answers
- The Enemy Within
- The Threat of XML
- SOAP, Other Protocols Specify Security for XML
- The Problem With Power
- Top 10 Security Mistakes
- Playing By Europe's Rules
- False Alarm?
- An Ounce of Intrusion Prevention
- Deadly Pursuit
- IDS Products and Prices
- Should You Outsource IDS?
- Who He Is
- Manager Offers Primer On Computer Forensics
- Unlocking Secure Online Commerce
- Too Late For Digital Certificates?
- Giving Users Back Their Privacy
- Feeling Safe With IT Security Deals
- Finjan's Software Bolcks Active Content Threat
- Security Statistics
- The Guardian
- Congress Considers Slew of Bills That Will Affect IT, E-Commerce
- U.S. Legislators Ponder Masses of Bills; Outlook Remains Murky
- Rule Changes May Further Protect Company Security Data
- Getting Started in Computer Forensics
- PKI Carries the Mail for U.S. Postal Service
- Security by Syntax