CA HIPS Has Its Issues

 
 
By Cameron Sturdevant  |  Posted 2008-09-29 Print this article Print
 
 
 
 
 
 
 

CA HIPS is a serviceable application whitelisting tool, particularly for businesses already using other CA security products. However, time-consuming challenges, such as identifying software on Windows PCs, make it more difficult to use than competing software.

CA's Host-Based Intrusion Prevention System combines a trusted application repository with blacklisting tools, including IPS, firewall and operating system system security settings, to create a serviceable but not stellar application whitelisting offering.

IT managers who already use CA anti-virus or anti-spyware tools for centrally managed, stand-alone threat management should consider CA HIPS to add application blocking controls in the mix.

Application whitelisting tools, including CA HIPS, Bit9's Parity, Core Trace's Bouncer and Lumension's Sanctuary Application Control, take another tack from anti-virus and anti-spyware tools that use signatures and anomaly detection schemes to try to stop unwanted software actions.

CA HIPS required significant administrative effort on my part to identify and categorize the software on my Windows PC and server systems. I spent quite a bit of time in the Application Reposi??ítory Rule section enrolling appli??ícations. As such, it trails other whitelisting tools, including Parity. However, CA HIPS, with its more traditional blacklisting approach and less aggressive software con??ítrols, may be easier to roll out to large user populations.

Application whitelisting isn't without flaws. There is the need to painstakingly approve programs to prevent blocking needed applica??ítions. CA HIPS creates and uses an application repository to manage application and DLL recognition for use in firewall rules. The rules, once created, were easy for me to modify from the central Web-based console.

CA HIPS doesn't clean malware from a system, although the IPS and firewall protections will play a role in reducing the amount of unwanted or malicious software that is able to make it to end-user systems.

CA HIPS r8 was released last year and costs $40 per seat.



 
 
 
 
Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at cameron.sturdevant@quinstreet.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel