Here's a two-pager primer on both that covers their use cases.
Thanks for your update, but I am not getting clarity from those links. Can you please make me understand with 5-6 different scenario points, like at which point HIPS comes into the picture...
HIPS is an additional layer of protection over VirusScan that can prevent malware from executing on the endpoint should VirusScan signatures miss it.
It monitors system activity and uses a pre-defined or customizable set of signatures to recognize suspicious program behavior. When this type of activity is identified, HIPS can prevent the offending program from executing its malicious payload.
Scenarios where HIPS is often used are:
- Protect software programs like browsers, Flash, and Java that cannot be patched right away, or don't have a patch yet from the vendor, against zero-day web exploits.
- HIPS can monitor network packets coming to or from that specific host (block network exploits that worms like Conficker or Slammer abuse to spread)
- Log or prevent system modifications a malicious user could make in order to circumvent security policies (user tampering with registry, system files or logs)
Also read past threads on this topic. Do need HIPS
I'd like to point out some key differences:
1) HIPS provides the ability to depict executables by hash, dig. cert., or description... VSE does not.
2) HIPS provides the ability to do exceptions by user and a few other things... VSE does not.
3) HIPS has the ability to go beyond the File/Folder, Registry, and Port method and can also do hooks and specific programs, for example.