Gartner Research

Replacement HIPS? Enterprise Considerations for Selecting Host Intrusion Prevention Systems

Published: 10 March 2006

ID: G00203164

Analyst(s): Diana Kelley

Summary

The buzz factor surrounding fast-moving attacks has been high for well over a year, and companies are anxious to implement desktop and server protection that is more proactive than current signature-based anti-virus and anti-spyware offerings. A class of solutions known as host intrusion prevention systems (HIPS) has emerged to fill the need. But what do HIPS actually do? Are they really a replacement for or necessary adjunct to anti-virus products? This report reviews the current state of HIPS and what enterprises need to know when considering a HIPS deployment.

Table Of Contents

Synopsis

Analysis

  • Problems and Drivers in Host Protection
  • HIPS and Other Approaches Emerge
  • Prevent or React?
  • Detection Challenges
    • Signatures: The Arms Race
    • Behavior-Based: The Year of Magical Thinking
    • Rules and Inspection: An Ounce of Prevention
  • Too Much of a Good Thing?
  • Real Cost of Deployment
  • Replacement or Unification?
  • Market Impact
  • Market Dynamics
  • Client Perspectives
    • Massive Deployments and Management
    • No Desktop or Server Left Behind
    • Single-Vendor Dependence
  • Recommendations

The Details

  • Port Blocking
  • Packet Inspection
  • Device Blocking
  • Application Whitelist/Blacklist
  • System Call Interception and Code Wrappers
  • Signatures
  • Behavioral Analysis
  • Static Rules
  • Sandboxing
  • How the Vendors Do It
  • The Vendors
    • Bit9
    • CA
    • Check Point Software Technologies
    • Cisco Systems
    • Determina
    • eEye Digital Security
    • ISS
    • McAfee
    • Panda Software
    • PivX
    • Prevx
    • Sana Security
    • SecureWave
    • Symantec
    • Third Brigade

Conclusion

©2019 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. It consists of the opinions of Gartner’s research organization, which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For further information, see Guiding Principles on Independence and Objectivity.
