Intrusion detection and prevention are two different things in my experience. IDS is used to detect the intrusion. Prevention is a process lifecycle all it's own.
If you have the opportunity to have something that does both with a single code-base that would be a good thing IMHO. AV is always going to be latent in it's ability to protect. That's the nature. It's one of the reasons that AV products are starting to come with personal firewalls which help to prevent outbound comm as well as inbound comm from occuring. Still comes down to user education and proper tuning no matter what they sell you. These are just one more tool to help you enforce those policies and reinforce the education. My 2 cents (USD) anyway. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kern, Tom Sent: Monday, December 13, 2004 6:06 PM To: ActiveDir (E-mail) Subject: [ActiveDir] OT: intrusion prevention my company is looking at getting cisco security agent for intrusion prevention. Personally, at $60,000, I think its a bit much. does anyone have any cheap intrusion prevention software they use out there? or can you lockdown your desktops enough via GPO's and good AV? we get alot of bots lately on our network. these bots infect fully patched boxes and start making outbound requests on ports 445 and 6667 flooding our network to a crawl and sometimes even DOSing our firewall. as i've said, they even infect patched pc's with fully updated AV defs(Symantec corporate 9.0). the attraction to cisco is that(according to cisco marketing..), an client agent is installed which will stop the action of any unauthorized app or service from running and alert an admin. still, i think there's got to be a cheaper way to stop this stuff. any ideas(or personal experience with cisco agent)? thanks List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
