I use SEP12.1 and can’t say that it does anything like OSSEC as far as I can tell. It doesn’t collect third party logs, it doesn’t have programmable “active-response”. I suppose at the highest level, it does have an agent that looks for behaviors, takes actions and reports back to a server – but in practice they are so different as to be different animals IMO.
--
James Pulver
LEPP Computer Group
Cornell University

From: [email protected] [mailto:[email protected]] On Behalf Of ninefofo
Sent: Wednesday, July 18, 2012 9:46 AM
To: [email protected]
Subject: [ossec-list] Comparisons

Hello,

Does Symantec Endpoint Protection 12.1 offer similar functionality to OSSEC?

I read an article on SANS: http://www.sans.org/security-resources/idfaq/what_is_hips.php

It indicates that a 'Not Free' solution of Symantec Endpoint Protection in comparison to OSSEC. Is this a valid comparison of the two products with regards to HIDS? I know that SEP is a premier corporate antivirus, but how does SEP solve for HIDS in comparison to OSSEC?

Thank You
Brad
