On 18.07.2012 08:46, ninefofo wrote:
> Hello,
> Does Symantec Endpoint Protection 12.1 offer similar functionality to
> OSSEC? I read an article on SANS:
I have used and supported both extensively so I suppose I can respond
somewhat fairly. SEP is mainly focused on malware and network attacks.
It can prevent exploitation of many vulnerabilities by intercepting the
attack at the network layer (along with some legitimate production
stuff). It doesn't do log analysis and correlation and I don't recall it
doing file integrity.
OSSEC, by contrast, has its roots more in the log analysis side and
does not venture into the HIPS side. It *can* prevent breaches by way of
active response if the attack attempt is detected in the enumeration
stage, as it often is.
> Is this a valid comparison of the two products with regards to HIDS? I
> know that SEP is a premiere corporate antivirus, but how does SEP
> solve for HIDS in comparison to OSSEC?
It is mostly fair, with the exception that OSSEC does not try to be a
HIPS. I believe OSSEC will provide you with more actionable intelligence
overall, and don't forget that it can read Symantec logs. :) Both, used
together, would be the obvious advantage.