4 Key Qualities of Effective Host-Based Intrusion Prevention (HIP) Systems

The Four Key Qualities of Effective Host Intrusion Prevention (HIP) Solutions: Defining Deep HIP Organizations that need to protect sensitive information assets - in order to comply with corporate or regulatory policies, protect competitive advantage, or simply enable new business processes - have come to recognize Host Intrusion Prevention (HIP) as a critical component of a defense in-depth security strategy. This white paper explains what to look for in HIP products, and introduces the concept of "Deep HIP" as a means of characterizing effective solutions in this area.
TABLE OF CONTENTS EXECUTIVE SUMMARY.............................................................................................. 2
TODAY'S SECURITY BEST PRACTICES .................................................................. 3
A DEFENSE-IN-DEPTH STRATEGY IS IMPERATIVE ............................................................ 3 ECONOMICS OF THE SHRINKING PERIMETER................................................................... 3 HOST INTRUSION PREVENTION IS YOUR BEST, LAST LINE OF DEFENSE ............................ 4 BATTLEGROUND: WHERE DOES HIP MAKE SENSE ......................................................... 4
CONFUSION SURROUNDING HIP ............................................................................. 4
THE FOUR KEY QUALITIES OF EFFECTIVE HIP ..................................................... 6
1. COMPREHENSIVE PROTECTION.................................................................................. 6 2. HIGH PERFORMANCE................................................................................................ 8 3. ROBUST SECURITY................................................................................................... 8 4. LOW COST OF OWNERSHIP ....................................................................................... 9
LEARNING FROM FIRST GENERATION HIP APPROACHES ................................ 10
APPLICATION PROXY DATA FILTERING ......................................................................... 10 SYSTEM EXECUTION CONTROL ................................................................................... 10 ANALYSIS OF FIRST GENERATION APPROACHES ........................................................... 10
BRINGING IT ALL TOGETHER: DEFINING DEEP HIP............................................ 11
PROTECTING YOUR ORGANIZATION: THE NEED TO ACT NOW........................ 12
ABOUT THIRD BRIGADE ......................................................................................... 13 "Third Brigade", "Third Brigade, Inc.", "Payload Normalization", "Deep Security Solutions", and the Third Brigade logo are trademarks of Third Brigade, Inc. and may be registered in certain jurisdictions. Other Third Brigade graphics, logos, page headers, button icons, scripts, product names, and service names are trademarks or trade dress of Third Brigade. All other company and product names are trademarks or registered trademarks of their respective owners. The material provided in this document is for information purposes only. It is not intended to be advice. THIS DOCUMENT IS PROVIDED BY THIRD BRIGADE ON AN "AS IS" BASIS. THIRD BRIGADE MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE QUALITY, ACCURACY OR COMPLETENESS OF THE INFORMATION CONTAINED IN THIS DOCUMENT.
© Copyright 2005 Third Brigade Inc. www.thirdbrigade.com All rights reserved. - i -
Executive Summary
Unrelenting and increasingly sophisticated attacks against enterprise networks have dramatically raised organizations' IT security risks. With the relative ease that many types of attacks by-pass perimeter security, traditional perimeter based security approaches are no longer sufficient to adequately protect enterprise assets. To combat these threats, security professionals are implementing multi-layered defenses, with the last line of defense being implemented at the host itself. Host Intrusion Prevention (HIP) is the last line of defense in a comprehensive defense-in-depth security strategy. While the need for this last layer of defense is becoming increasing evident, there remains considerable confusion over what constitutes a HIP product. To be practical, HIP should be viewed as security c... [download for more]