
Black&White


Security

Host-Based Intrusion Prevention Programs

V.E.N 2007. 8. 29. 22:08
Source: http://www.networkintrusion.co.uk/hips.htm

DefenseWall HIPS


Softsphere Technologies

http://www.softsphere.com

DefenseWall HIPS (Host Intrusion Prevention System) is the simplest and easiest way to protect yourself from malicious software (spyware, adware, keyloggers, rootkits, etc.) when you surf the Internet! Using the next generation proactive protection technologies, sandboxing and virtualization, DefenseWall HIPS helps you achieve a maximum level of protection against malicious software, while not demanding any special knowledge or ongoing online signature updates.

DefenseWall HIPS divides all applications into 'Trusted' and 'Untrusted' groups. Untrusted applications are launched with limited rights to modification of critical system parameters, and only in the virtual zone that is specially allocated for them, thus separating them from trusted applications. In the case of penetration by malicious software via one of the untrusted applications (web browsers etc), it cannot harm your system and may be closed with just one click! With DefenseWall HIPS, Internet surfing has never been so simple, safe and easy. Try it today, and you will be convinced!

Also see DefencePlus (previously known as Anti-Cracker Shield) and DefencePlus "Server Edition"

Free download, Cost for registration

 

Information updated: 20 Feb 06


McAfee Host Intrusion Prevention


McAfee

http://www.mcafee.com

Your systems and applications are under constant attack from vulnerability based zero-day exploits, application access and data theft. Host Intrusion Prevention Systems (HIPS) monitor and block such unwanted activity. McAfee Host Intrusion Prevention protects your assets with multiple proven methods, including a system firewall and both signature and behavioral analysis. Standalone products have cumbersome non-integrated management platforms that prevent many companies from deploying the comprehensive protection they need against today’s blended threats. McAfee Host Intrusion Prevention integrates into your existing ePolicy Orchestrator management platform, for accurate, scalable and easy-to-use advanced system protection. With automatic signature updates and zero-day protection, you get the advanced vulnerability-shielding capabilities you need. Patching systems is something you will do less often and less urgently, and you will find it easier to comply with legal regulations. With a single agent for host intrusion prevention and desktop firewall, McAfee Host IPS is easy to deploy, easy to configure, and easy to manage.

Commercial

 

Information updated: 20 Feb 06


Primary Response SafeConnect


Sana Security Inc.

http://www.sanasecurity.com

Primary Response SafeConnect delivers a whole new approach to PC security with a standalone solution that provides instant and constant protection against spyware and adware threats. Advanced behavioral technology detects and removes malicious software attacks as they occur, eliminating the need for scanning and signatures. As a result Primary Response SafeConnect delivers a higher level of protection that is not only more user-oriented but is also more effective and reliable.

Primary Response SafeConnect is the first threat protection solution designed with the user in mind to radically simplify security:
* Comprehensive protection against many different attacks in a single solution
* Instant detection and removal of malicious software in real-time without scanning
* Constant protection that is always up-to-date without requiring signature updates
* Complete removal that eliminates all traces of malicious software and prevents reinstallation

Also see Primary Response for a centrally managed solution, and Attack Shield for targeted protection from network worms.  SafeConnect OnDemand is designed for unmanaged resources accessing the corporate network.

Commercial

 

Information updated: 20 Feb 06


Cisco Security Agent


Cisco Systems, Inc.

http://www.cisco.com

Cisco Security Agent provides threat protection for server and desktop computing systems, also known as endpoints. It helps to reduce operational costs by identifying, preventing, and eliminating known and unknown security threats. The Cisco Security Agent consolidates endpoint security functions in a single agent, providing:
* Host intrusion prevention
* Spyware/adware protection
* Protection against buffer overflow attacks
* Distributed firewall capabilities
* Malicious mobile code protection
* Operating-system integrity assurance
* Application inventory
* Audit log-consolidation

Because Cisco Security Agent analyzes behavior rather than relying on signature matching, it never needs updating to stop a new attack. This zero-update architecture provides protection with reduced operational costs and can identify so-called "Day Zero" threats.

Commercial

 

Information updated: 20 Feb 06


Host Intrusion Prevention Service


SecureWorks Inc.

http://www.secureworks.com

Host Intrusion Prevention takes your security defenses beyond perimeter security by protecting critical servers from internal attacks and from external attacks where hackers use encryption as an attack technique.

SecureWorks’ Host Intrusion Prevention Service (HIPS) provides an application firewall to ensure that the application is doing only what it is supposed to be doing. When encrypted traffic is received and decrypted by the operating system on the host machine, the HIPS agent intercepts instructions prior to reaching the application to prevent malicious activity.

Why Implement Host Intrusion Prevention as a Service?
SecureWorks has wrapped the Cisco® Security Agent (CSA) with our award-winning 24x7 managed services to deliver Host Intrusion Prevention Services (HIPS). Host Intrusion Prevention is complex and difficult to configure – and it can cripple the applications on the host server when implemented incorrectly. SecureWorks provides HIP as a service so that our skilled security analysts can define policies, configure rules, monitor your environment and tune the system to protect your critical assets. Threats are prevented in real-time and then evaluated by a security analyst as needed for escalation or policy tuning.

Host Intrusion Prevention Service Features
* An expert security team monitoring your Security Console
* 24x7 monitoring and first response to prevent hacker attacks directed at your protected servers
* Real time, behavior-based attack blocking
* Elimination of known and unknown attacks (zero day)
* Customized security policy design and tuning
* Immediate updates as new attacks are identified
* In-depth reporting on attempted intrusions
* Precision escalation matrix
* Superior protection against buffer overflow, port scans and SYN floods
* Enhanced protection from encrypted traffic, infected floppies, laptops, consultants and providers who can access your network over an encrypted channel
* Secure access to web-based reporting console through two-factor authentication
* Logging and reporting of all intrusion events

Commercial Service

 

Information updated: 25 May 06


Third Brigade Deep Security


Third Brigade Inc.

http://www.thirdbrigade.com

Third Brigade Deep Security is an advanced intrusion prevention system (IPS). It provides the best and last line of defense against attacks that exploit vulnerabilities in commercial and custom software, including web applications. It enables you to create and enforce comprehensive security policies that proactively protect hosts, applications and sensitive data. The system consists of three main components:
* Deep Security Manager
* Deep Security Agent
* Deep Security Gateway

Third Brigade Deep Security has been architected for today’s demanding multi-platform, multi-server enterprise environments. It provides deep, flexible protection for Windows, Linux, Solaris and other hosts.

Deep Security can be deployed as a host-based, or network-based, IPS.

Commercial

 

Information updated: 25 May 06


Symantec Critical System Protection


Symantec Corporation

http://www.symantec.com

Symantec Critical System Protection protects against day zero attacks, hardens systems, and helps maintain compliance by enforcing behavior-based security policies on clients and servers. A centralized management console enables administrators to configure, deploy and maintain security policies, manage users and roles, view alerts, and run reports across heterogeneous operating systems.

Key Features
* Includes pre-defined application policies for popular Microsoft interactive applications.
* Out-of-the-box policies continuously lock down the OS, high-risk applications, and databases to prevent unauthorized executables from being introduced and run.
* Offers broad platform support including Microsoft Windows, Sun Solaris, and Linux.

Key Benefits
* Provides proactive, host-based security against day zero attacks.
* Offers protection against buffer overflow and memory-based attacks.
* Helps maintain compliance with security policies by providing granular control over programs and data.

Commercial

 

Information updated: 20 Feb 06


ThreatSentry


PrivacyWare Inc.

http://www.privacyware.com

ThreatSentry — Host Intrusion Prevention Software + Application Firewall

ThreatSentry is a Host Intrusion Prevention software application (HIPS), designed to protect Windows Web servers running Microsoft Internet Information Services (IIS). ThreatSentry is comprised of two powerful components. The first is an Application Firewall, pre-configured with a knowledgebase of known exploitive techniques and attack characteristics. Administrators can establish explicit guidelines for permissible and/or denied activity. The application firewall is coupled with an advanced neural-based Behavioral Engine that organizes server requests into a multi-dimensional baseline of typical system activity. Each server connection is scrutinized by the rule-set configured in the application firewall and the behavioral baseline to identify and take action against any activity falling outside trusted parameters. ThreatSentry’s intrusion prevention capabilities progressively improve as the baseline evolves automatically or based on input from the system administrator. ThreatSentry is an easy to use enterprise-grade solution - at a small-business price.

Commercial

 

Information updated: 20 Feb 06


Proventia Desktop


Internet Security Systems

http://www.iss.net

Proventia Desktop automatically protects desktops and laptops against known and unknown threats, hackers and other improper activity on the desktop.

Complete Desktop Protection
Proventia Desktop offers preemptive protection, the only effective way to preserve network uptime and avoid the negative business impact caused by Internet attacks. It works ahead of the threat to block attacks before they can cause outages, employee downtime and excessive calls to the helpdesk. Proventia Desktop is a simple-to-use, all-in-one solution that delivers effective, cost-efficient and standardized security for your enterprise’s most commonly used IT assets.

You benefit from:
* Robust protection at a lower cost with multi-layered security architecture that blocks attacks through both the application and network threat vectors. Proventia Desktop offers the most robust and effective protection available for desktop systems.
* Easy integration with existing corporate infrastructure, including interoperability with Active Directory, most e-mail and Web clients, and popular antivirus and Virtual Private Network (VPN) software.
* Compliant desktop systems that are running protective software, like the desktop agent or antivirus, before local access to the corporate network or remote access through a VPN is granted. Centrally managed security updates keep users current automatically.

Commercial

 

Information updated: 20 Feb 06


BlackICE PC Protection


Internet Security Systems

http://www.iss.net (via digitalriver.com)

BlackICE PC Protection Guards and Secures Against:
# Theft of personal identity, passwords or credit card info and more…
# Hackers using your PC to launch attacks against other PC users
# Computer downtime and system crashes

BlackICE STOPS ATTACKERS COLD
# BLOCKS hacker attacks instantly
# PREVENTS destructive applications like worms and Trojans from ever starting
# REPORTS attempted attacks and identifies intruders
# SECURES any Internet connection, including dial-up, DSL, or cable modem

BlackICE PC Protection is Powerful and Easy-to-Use - BlackICE teams a personal firewall with an advanced intrusion detection system to constantly watch your Internet connection for suspicious behavior. BlackICE responds immediately by alerting you to trouble and instantly blocking the threat.

BlackICE PC Protection now features Application Protection, an exciting new feature designed to shield your PCs, laptops and workstations from hijack by an attacker, and protects you from Trojan horse applications, worms and other destructive threats.

BlackICE's Application Protection quickly and invisibly defeats dangerous programs that attackers deliver through instant messaging, email, or even your Web browser! BlackICE stops these destructive programs before they do harm, like damaging your PC or launching email attacks against your friends and co-workers.

BlackICE automatically detects and blocks attacks through a comprehensive inspection of all inbound and outbound information to your computer. And BlackICE PC Protection is constantly working to secure your dial-up, DSL, and cable modem from hackers 24 hours a day, every day of the year.

Key Features
BlackICE PC Protection offers:
# Professional-strength protection from hackers for your home PC
# An advanced Intrusion Detection System (IDS) Plus a Firewall!
# Easy installation and "out-of-the-box" protection means you're instantly protected

Commercial

 

Information updated: 20 Feb 06


WehnTrust


Wehnus

http://www.wehnus.com

WehnTrust is a Host-based Intrusion Prevention System (HIPS) that provides secure buffer overflow exploitation countermeasures. While other Windows based intrusion prevention systems are only capable of working with a pre-defined group of applications, WehnTrust's technology allows it to work with virtually all software products. Perhaps best of all, WehnTrust is currently free for home use.

WehnTrust implements Address Space Layout Randomization (ASLR) for Windows. While ASLR is a common security measure for UNIX-based operating systems thanks to the PaX Team, it has not been widely implemented for, or deployed on, Windows. When implemented properly, ASLR mitigates nearly all exploitation techniques. The commercial version of WehnTrust also provides other security mechanisms that help to augment ASLR.

Free for home use, Commercial

 

Information updated: 20 Feb 06


System Safety Monitor 2.0


System Safety Limited

http://www.syssafety.com

System Safety Monitor (SSM) allows you to track down Microsoft Windows operating system activity in real-time and to prevent undesirable actions from various malware and spyware programs. SSM's main goal is to discover and block malicious actions of any application.

SSM keeps track of the activity of all applications already started or being started and allows you to control:
* which application can be started;
* which child application can be started by a selected one;
* which parent applications are allowed to start a selected one;
* whether a selected application is allowed to start if it was modified;
* whether a selected application is allowed to install a driver;
* whether a selected application is allowed to perform code-injection or DLL-injection;
* create/terminate a process (application);
* suspend a process and resume it afterwards;
* watch the list of DLLs loaded by a selected application.

Tracking and blocking changes in the following important operating system parts:
* Windows registry;
* drivers and services state;
* INI-files;
* "Startup" item of Start menu;
* Microsoft Internet Explorer settings.

Window management:
* watches running applications windows;
* runs "black list" of applications windows, closes "unwanted" applications windows automatically;
* browses the list of applications windows created in the system;
* shows invisible applications windows, hides visible ones, enables user input for "locked down" applications windows.

Free

 

Information updated: 21 Feb 06


Prevx1 ABC


Prevx

http://www.prevx.com

70% have inadequate PC security and are infected - 70% of PC users have no PC Security at all or are using a PC security product which is either unlicensed or has not been updated for a very long time. Most, if not all of these users' PCs will be infected with numerous Adware, Spyware and viral infections exposing themselves to credit card fraud, identity theft and other forms of cyber crime whenever they use the Internet.

Powerful Protection - Prevx1 ABC is a powerful PC security solution. It was designed to be used as a standalone security product replacing your existing Antivirus, Antispyware and security suites. However, it has been proven to work collaboratively with all of the major security products, significantly strengthening the systems' defences against all forms of cyber attack. Many users, however, choose to put their faith in Prevx1 as a standalone solution. Running one product is more convenient and uses less resource than running several. The choice is, of course, up to you.

Stops New and Established Threats - Prevx1 ABC will protect your system from attack by viruses, trojans, worms, adware, spyware and hackers. It offers much stronger protection than conventional Antivirus or Antispyware products. It will also protect you from established threats as well as new and evolved malware which bypass conventional products with ease.

Prevx1 Community Provides Safety In Numbers - When you use Prevx1 ABC your system becomes part of a huge community of PCs. Being part of that community allows your PC to learn about and protect against new and evolving threats much faster than using conventional security products. Whenever your PC tries to install or run a program it has never seen before, it interrogates our centralized community database to find out if the program is known and safe to run. If it is, then the program will be run without delay or interruption. If not, the program will be blocked and you will be alerted to the risk it poses.

Prevx1 sees more and protects better - Twenty-four hours a day our Centralized database monitors the propagation and behaviour of new or unknown programs automatically deciding to block programs which pose a threat to our user base. Daily, more than 50,000 new programs are seen within the Prevx1 community. On an average day 2,000 or more new or modified programs are blocked because of malicious behaviour. Compare these statistics with those of our competitors who manually identify around 1,000 new malicious programs per week.

Prevx1 Packs In More Security Technology Than Any Other Agent - Prevx1 ABC incorporates a wide range of security technologies to protect you and your system.

Prevx1 ABC is very easy to install and virtually silent in normal operation. It is designed for every day users like you and me, as well as those technically advanced users who want an automated solution to their security needs.

See also Prevx1 Pro & Expert, Prevx1 Family, and Prevx1 Enterprise.

Free for home use, Commercial

 

Information updated: 21 Feb 06


AppDefend


Ghost Security

http://www.ghostsecurity.com

AppDefend is a kernel based application protection system, designed to be secure whilst using few resources. AppDefend intercepts various privileged actions and lets you decide whether they should occur or not.

Without AppDefend you are highly vulnerable to rootkits, worms, viruses and spyware. In some cases without AppDefend, the only way to fix the problem would be to format your hard drive and start fresh.

AppDefend is designed to work on Windows XP, 2000 and 2003.

What does AppDefend protect against?
* Rootkit Installations
* Process Creation
* Process Execution
* Process Modification
* Thread and Process termination
* Thread Context Changing
* Network Access
* Direct Physical Memory Access
* Global Hooking
* Remote Thread Creation
* Thread and Process Suspension

Commercial

 

Information updated: 21 Feb 06
