Endpoint Protection

  • 1.  SEP HIPS as a mitigation

    Posted May 20, 2013 03:43 PM

    Looking to connect with anyone who uses custom HIPS signatures on hosts as mitigations for attacks on things like Java, Adobe Reader/Flash, unpatched MS vulns, etc. Large enterprise preferred.

     

    Please share your experiences, pros/cons, tips, and any information sources for signatures.

    Thanks in Advance!



  • 2.  RE: SEP HIPS as a mitigation

    Posted May 20, 2013 03:49 PM

    The toughest part is you need to get the signature right (based off Snort syntax); otherwise it will not work or will work improperly. If you look at the admin and install guide for SEP 12.1, appendix E, starting on page 1121, it gives a lot of good info on the syntax for custom IPS. It's a good start.

    The pro is that you are ahead of the curve and have protection right away.

    If you have a test lab then you are going in the right direction, as you can quickly confirm that your signatures are working.

     



  • 3.  RE: SEP HIPS as a mitigation

    Posted May 20, 2013 04:26 PM

    Any batch way to download all of the Snort sigs for one type of software (e.g., Java 1.6.X, Java 1.7.X)?

     



  • 4.  RE: SEP HIPS as a mitigation

    Posted May 20, 2013 04:44 PM

    Would need to be a custom created process.

    I don't have anything to do this though.