On April 29 the company plans to announce a Host-Based Intrusion Prevention System (HIPS) that will plug into the administration console and function as a part of its overall Security Suite.
The system relies on fairly heavy duty software that sits on each client machine, tracking the activity and requests of each piece of software on it.
The client software (which LANDesk refers to as the host) stores in a local database comprehensive data about the activity of the software on the machine – when it asked for Internet access and whether it had permission; what new applications showed up and what they did; what activities forbidden by security policy the software attempted.
IT administrators create the policies from a central console, assigning individual end users to either profile that defines the applications they can run and what those applications can do, or create a custom set of permissions for one or more users.
The client software itself identifies “normal” activity for each application by sitting on the machine for enough time (LANDesk recommends two weeks) to establish normal activity for each application.
LANDesk execs, who emphasize that the company sells 100% of its products through the channel, said behavior-based analysis is a more reliable way to identify malicious code than by virus signatures that have to be updated frequently; they also said that storing the security profiles and analysis engine on laptops and PCs protects the machines even when they’re disconnected from the network, and doesn’t require a period of quarantine when they reconnect.
“Host-based protection is the last line of defense for the enterprise,” according to an estimation Dan Blum, a security analyst at The Burton Group, based in Midvale,
Utah provided to IT administrator site SearchWinIT.com.
LANDesk’s product will be released May 9; pricing was unavailable.