The product comparable to OSSEC is Symantec Critical System Protection.

2012/7/18 Michael Starks <[email protected]>

> On 18.07.2012 08:46, ninefofo wrote:
>
>> Hello,
>>
>> Does Symantec Endpoint Protection 12.1 offer similar functionality to
>> OSSEC? I read an article on SANS:
>>
>
> I have used and supported both extensively so I suppose I can respond
> somewhat fairly. SEP is mainly focused on malware and network attacks. It
> can prevent exploitation of many vulnerabilities by intercepting the attack
> at the network layer (along with some legitimate production stuff). It
> doesn't do log analysis and correlation and I don't recall it doing file
> integrity.
>
> OSSEC, by contrast, has its roots more in the log analysis side and does
> not venture into the HIPS side. It *can* prevent breaches by way of active
> response if the attack attempt is detected in the enumeration stage, as it
> often is.
>
>> Is this a valid comparison of the two products with regard to HIDS? I
>> know that SEP is a premier corporate antivirus, but how does SEP
>> solve for HIDS in comparison to OSSEC?
>>
>
> It is mostly fair, with the exception that OSSEC does not try to be a
> HIPS. I believe OSSEC will provide you with more actionable intelligence
> overall, and don't forget that it can read Symantec logs. :) Both, used
> together, would be the obvious advantage.
>

--
Sebastián Gómez
