I am new to this organization. I would like to know whether I would need HIPS for my organization. I have McAfee Antivirus on my machines, and the systems seem to be having no problems. But how can this HIPS help me protect the system even more? Could anyone tell me the subtle differences between HIPS and antivirus?
While McAfee Antivirus protects the endpoint from both known and some unknown malware, it doesn't inspect network traffic or protect systems from known vulnerabilities. Think of HIPS like our TSA employees and x-ray equipment at the airport security checkpoints. Every article you slide through the x-ray machine is like the HIPS network layer inspection. Every network packet is inspected for both known exploits and behaviors that appear to be suspect. The same is true of the TSA employees and their equipment. HIPS can provide busy administrators with some level of protection against zero-day vulnerabilities, and adequate time to test patches for vulnerabilities. I could go on and on with this, but the point is HIPS provides a good layer of protection to laptops, desktops, and servers; and the McAfee product combines intrusion prevention with a stateful firewall.
Jeff McCarthy, CISSP, CISA
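To make the "known exploits and behaviors that appear to be suspect" distinction concrete, here is a small added illustration (not code from this thread, and not McAfee's product) of the two inspection styles a HIPS layers on top of antivirus. The signature list, the port-scan threshold and the sample packets are all constructed for the example; a real product ships vendor-maintained signatures and far richer behavioral rules.

```python
"""Toy host intrusion prevention check: signature matching for known
exploit patterns, plus a behavioral heuristic for activity no signature
describes. All signatures, thresholds and traffic below are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    src: str          # source address
    dst_port: int     # destination port on the protected host
    payload: bytes    # application-layer bytes


# Hypothetical signatures standing in for a vendor feed: each maps a rule
# name to a byte pattern that a known exploit attempt would carry.
SIGNATURES = {
    "http-path-traversal": b"../../",
    "shell-metachar-in-query": b";cat ",
}

# Behavioral rule: one source touching this many distinct ports is treated
# as a port scan even though no individual packet matches a signature.
SCAN_PORT_THRESHOLD = 5


def signature_hits(pkt):
    """Names of every signature whose pattern appears in the payload."""
    return [name for name, pattern in SIGNATURES.items() if pattern in pkt.payload]


def inspect(packets):
    """Run both checks over a packet stream.

    Returns (alerts, allowed): alerts is a list of
    (kind, source, rule) tuples; allowed holds the packets that were
    passed through. Packets that trigger a rule are dropped, and a
    source flagged by the behavioral rule is blocked from then on.
    """
    alerts, allowed = [], []
    ports_seen = defaultdict(set)
    blocked = set()
    for pkt in packets:
        if pkt.src in blocked:
            continue  # prevention: silently drop traffic from a flagged host
        hits = signature_hits(pkt)
        if hits:
            alerts.append(("signature", pkt.src, hits[0]))
            continue  # known exploit pattern: drop the packet
        ports_seen[pkt.src].add(pkt.dst_port)
        if len(ports_seen[pkt.src]) >= SCAN_PORT_THRESHOLD:
            alerts.append(("behavior", pkt.src, "port-scan"))
            blocked.add(pkt.src)
            continue
        allowed.append(pkt)
    return alerts, allowed


# Constructed sample traffic: a normal request, one request carrying a
# known pattern, one host sweeping ports, and an unrelated TLS client.
SAMPLE_TRAFFIC = [
    Packet("10.0.0.5", 80, b"GET /index.html HTTP/1.1"),
    Packet("10.0.0.5", 80, b"GET /static/../../config HTTP/1.1"),
    Packet("10.0.0.9", 22, b""),
    Packet("10.0.0.9", 23, b""),
    Packet("10.0.0.9", 25, b""),
    Packet("10.0.0.9", 80, b""),
    Packet("10.0.0.9", 443, b""),    # fifth distinct port: behavioral alert
    Packet("10.0.0.9", 3389, b""),   # dropped: source already blocked
    Packet("10.0.0.7", 443, b"TLS client hello"),
]


if __name__ == "__main__":
    found, passed = inspect(SAMPLE_TRAFFIC)
    for kind, src, rule in found:
        print(f"{kind:9} {src:10} {rule}")
    print(f"{len(passed)} packets allowed")
```

Running the sample stream produces one signature alert for 10.0.0.5 and one behavioral alert for 10.0.0.9, with six packets allowed through. The point of the split is the one Jeff makes above: the signature table only catches what somebody has already written a pattern for, while the behavioral rule gives some cover for the gap before a patch or signature exists, at the cost of tuning the threshold so legitimate activity is not blocked.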
Thank you for your response. But I would also like to know if HIPS alone is enough. And by endpoints you mean application? And HIPS is for the entire system? So if I use HIPS it should be enough, right, because you are stopping the malware from entering the system, right? I am a layman; could you shed some light on this?
"Endpoints" is a newer term used around endpoint protection for laptops, desktops, and servers. Many years ago antivirus software was enough, but not today.
The reason I used the TSA analogy is because they haven't prevented every malicious object or person from getting on a plane, so no, HIPS is not a silver bullet, and there isn't one.
Multiple layers of defense are still practical today!
It's all about managing the risk to an acceptable level for management. How much security is enough? What level of protection does management want to pay for to protect a particular endpoint with company information on it?
If you live in a high crime area you may have bars on your windows, but if you live in a country setting you may not lock your windows at night.
I hope this helps.