0 pts.
Q:
Looking for good HIP.
Hi,

I am looking for a good Host-based Intrusion Prevention System to be implemented on Intel Servers in my Company.
Is there anything you would recommend...?
ASKED: Dec 21 2005  9:49 AM GMT
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
0 pts.
A:
You could try bluebox or Third Brigade, these are the best I have seen.
Last Answered: Dec 21 2005  6:37 PM GMT by joco1141   0 pts.
Discuss This Answer:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _



_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Layer9   0 pts.  |   Dec 21 2005  7:29PM GMT

Sure,

We sell a very good HIDS product called BLINK, by eEye Digital Security.

As HIDS go it’s cost effective and very simple to implement.

Chris Weber
http://Layer9corp.com

 

mazzie   0 pts.  |   Dec 21 2005  7:46PM GMT

Hi,

McAfee Entercept is the one I’d recommend.

Ray

 

Whitecap   0 pts.  |   Dec 22 2005  4:14AM GMT

The previous answers are all sound. However, it also depends on whether you want to spend any money or not and what OS you are using. If you are using Win2K3SP1 then running the advanced Security Configuration Wizard and enabling the firewall does quite a sound job of locking the server down (plus of course keeping up to date with your patches) at no cost. If you have a budget and/or a mixed Wintel environment then Cisco, CA and Entrust all supply very effective products.

 

marcjacquard   0 pts.  |   Dec 22 2005  5:42AM GMT

I had to do “due diligence” on this subject a few years ago for a large financial corporation. McAfee Entercept won hands down. It is by far the best product on the market. So far, in all testing, it is the only one that did not let exploits in on unpatched machines. If you decide to bench the products, the top three are ISS, McAfee and Cisco CSA. See if you can get a copy of Core Impact and then test each agent to see if you can get into the box. McAfee actually uses Core to demonstrate their product.

 

Klyph100   0 pts.  |   Dec 22 2005  7:18AM GMT

We have been looking at this for an alternative: http://www.lightspeedsystems.com. Let me know what you think.

Klyph

 

gforce11   0 pts.  |   Dec 22 2005  2:56PM GMT

DISCLAIMER: I may be straddling the fence between selling and disseminating new information here.

We will soon be selling a new technology that incorporates the next generation of intrusion countermeasures, which we have coined IQS, for Intrusion Quashing System. I suppose it could stand for a more intelligent approach to security, since unauthorized access attempts just fall off the system as non-events (no packet inspections, behavioral analysis, signatures or false positives). This is a comprehensive security solution, more than just a HIP solution, which provides end-to-end security including protection against internal intrusion by providing a trusted operating environment. Like HIPS, it is a commercial product, but with greater ROI.

Happy to chat about it with anyone interested, for future reference.

 

gregb2468   0 pts.  |   Dec 22 2005  4:26PM GMT

We use Cisco IDS boxes. They are also fairly straightforward to implement and do a great job. We ran an intrusion/penetration test just last month and they did the job.

 

Footerest   5 pts.  |   Dec 23 2005  2:54PM GMT

We have been using ISS Server Sensor for 3-4 years now. We are currently using 7.0 on 210 servers. I highly recommend it, especially the SiteProtector console functionality.

 

JakubK   0 pts.  |   Jan 2 2006  9:49AM GMT

Thanks guys. Some tools you mentioned here look very promising. Thanks again.

Jakub.