HIPS thoughts
 JxT <jxt bufferoverflo ws> |
Monday, May 29 2006 22:36.45 CDT |
I've spent the last few years dabbling in and researching HIPS products, and have seen quite a few products come and go. I'm currently spending my time comparing some of the big players in the HIPS market like Cisco, Entercept, ISS, and a few others. It's interesting how diverse each product really is. I hope to finish up a paper on HIPS evasion based off of this research, it's been a blast, and I've learned alot about what companies say, and what the respective product actually will and will not do. Interestingly enough, when you start to figure out that the buffer overflow protection is incredibly limited, it kind of puts that whole snake oil spin on a given vendor for such poor implementations. Anyways, just a few thoughts for the evening. I read through Halvars blog, and have to agree, the next couple of years I believe also, Apple and the others are going to get slammed with vulns. It will be interesting to see!
Cheers!
Comments
| Posted: Wednesday, December 31 1969 18:00.00 CST | |