Host Intrusion Prevention on the Security Software Map

Intrusion prevention is a preemptive approach to network and workstation security used to identify potential threats and respond to them swiftly. Like an intrusion detection system (IDS), a network intrusion prevention system (NIPS) monitors network traffic. Meanwhile, host intrusion prevention software (HIPS) monitors key system components and all running applications, looking for suspicious behavior. Because an attack may be carried out very quickly, intrusion prevention systems have the ability to take immediate action, based on a set of rules.

| | (LAN) Firewall | Personal Firewall | Anti-Spyware, Anti-Adware, etc. | Antivirus | Host Intrusion Prevention Software |
|---|---|---|---|---|---|
| Installs on | Server | Client | Server and/or Client | Server and/or Client | Client |
| Effective against | Network attacks | Host attacks, spyware | Specific malware | Known viruses | Any potential damage |
| Protective action | Stop traffic | Stop traffic / terminate application | Wipe malicious files / applications | Cure / quarantine / wipe infected files | Block particular action attempted by application or block malicious application completely |
| Protective action is applied when | Traffic is abnormal | Traffic is abnormal | Malware is detected | File is damaged | Risk of damage exists |
| Monitors | Network traffic | Network traffic | Application code / Traffic | Application code | Application behavior |
| Check method | Traffic analysis | Traffic analysis | Signature match / Traffic analysis | Signature match | Behavior analysis |
| Checks running applications | No | On alarm | At launch | At launch | Constantly |
| Checks e-mail, downloads, web pages | No | No | Yes | Yes | No |
| Checks static files on HDD | No | No | Yes | Yes | No |
| System load | Negligible | Moderate to negligible | Heavy to moderate | Heavy to moderate | Negligible |
| Requires frequent updates | No | No | Yes | Yes | No |
| Requires user attendance | Seldom / Not at all | Seldom / Not at all | Often | Seldom | Seldom |
| Risks, limitations and drawbacks | Host-based attacks | Leaks, custom attacks | New malware | Zero-day viruses | False alarms |
| Layer of security | Outermost | Outer | Inner | Inner | Innermost |
| Required for multi-layer security | Absolutely | Recommended | Recommended | Absolutely | Highly recommended |
| Examples | IPX LAN Firewall, SonicWALL | Norton Personal Firewall, Zone-Alarm Pro, Agnitum Outpost | Microsoft Antispyware, CA eTrust PestPatrol, Lavasoft Ad-Aware | Symantec Norton AV, McAfee VirusScan, Kaspersky AVP | Safe'n'Sec Panda TruPrevent Pro PrevX |