An Ounce Of Intrusion Prevention

Host-based IDSs tend to rely on signatures—the code-string fingerprints of a known attack—to trigger alerts. The trouble is, hackers create new attacks every day. If they attack an organization using a technique that's not in the database of the IDS, the company is vulnerable. In response, vendors are offering products that look for suspicious activity and proactively block those potential attacks. Here's a sampling of offerings:

    Entercept Security Technologies, San Jose (www.entercept.com)

    Entercept Security Technologies' Entercept 2.0 consists of a software agent that resides near the host's operating system kernel. It monitors system calls before they reach the kernel, uses a rules engine to identify potentially suspicious activity and then either halts the activity or notifies the administrator.

    Recourse Technologies Inc., Redwood City, Calif. (www.recourse.com)

    Recourse Technologies Inc. offers ManHunt, which performs the duties of a traditional IDS and uses an approach similar to Entercept's to identify new attacks.

    The drawback: Some legitimate activities in an organization may trip these systems. The staff will then need to define exceptions. Otherwise, the organization could wind up suffering too many false positives.

    "These things are good for big hosting facilities, telcos and maybe financial [services firms]," says Hurwitz Group analyst Peter Lindstrom, because security is so vital to such organizations and attacks are so common.

Special Report

Security Risk and Reward


Copyright © 2001 IDG Communications, Inc.
