Channel Marker

Apr 17 2007   4:00PM GMT

LANDesk gets ready to join host of host-based intrusion detectors



Posted by: Brein Matturro
Tags:
Network and application security
Networking technology

LANDesk is getting ready to announce an addition to its lineup of systems management and security products.

On April 29 the company plans to announce a Host-Based Intrusion Prevention System (HIPS) that will plug into the administration console and function as a part of its overall Security Suite.

The system relies on fairly heavy duty software that sits on each client machine, tracking the activity and requests of each piece of software on it.

The client software (which LANDesk refers to as the host) stores in a local database comprehensive data about the activity of the software on the machine – when it asked for Internet access and whether it had permission; what new applications showed up and what they did; what activities forbidden by security policy the software attempted.

IT administrators create the policies from a central console, assigning individual end users to either profile that defines the applications they can run and what those applications can do, or create a custom set of permissions for one or more users.

The client software itself identifies “normal” activity for each application by sitting on the machine for enough time (LANDesk recommends two weeks) to establish normal activity for each application.

LANDesk execs, who emphasize that the company sells 100% of its products through the channel, said behavior-based analysis is a more reliable way to identify malicious code than by virus signatures that have to be updated frequently; they also said that storing the security profiles and analysis engine on laptops and PCs protects the machines even when they’re disconnected from the network, and doesn’t require a period of quarantine when they reconnect.

Symantec offers much the same behavior-based HIPS approach, however, as does McAfee , and a variety of other vendors  

Host-based protection is the last line of defense for the enterprise,” according to an estimation Dan Blum, a security analyst at The Burton Group, based in Midvale,
Utah provided to IT administrator site
SearchWinIT.com.

LANDesk’s product will be released May 9; pricing was unavailable.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: