CA HIPS is a serviceable application whitelisting tool, particularly for businesses already using other CA security products. However, time-consuming challenges, such as identifying software on Windows PCs, make it more difficult to use than competing software.
CA's Host-Based Intrusion Prevention System combines a trusted
application repository with blacklisting tools, including IPS, firewall
and operating system system security settings, to create a serviceable
but not stellar application whitelisting offering.
IT managers who already use CA anti-virus or anti-spyware tools for
centrally managed, stand-alone threat management should consider CA
HIPS to add application blocking controls in the mix.
Application whitelisting tools, including CA HIPS, Bit9's Parity,
Core Trace's Bouncer and Lumension's Sanctuary Application Control,
take another tack from anti-virus and anti-spyware tools that use
signatures and anomaly detection schemes to try to stop unwanted
HIPS required significant administrative effort on my part to identify and
categorize the software on my Windows PC and server systems. I spent quite a
bit of time in the Application Reposi??Ãtory Rule section enrolling appli??Ãcations.
As such, it trails other whitelisting tools, including Parity. However, CA
HIPS, with its more traditional blacklisting approach and less aggressive
software con??Ãtrols, may be easier to roll out to large user populations.
whitelisting isn't without flaws. There is the need to painstakingly approve
programs to prevent blocking needed applica??Ãtions. CA HIPS creates and uses an
application repository to manage application and DLL recognition for use in
firewall rules. The rules, once created, were easy for me to modify from the
central Web-based console.
HIPS doesn't clean malware from a system, although the IPS and
firewall protections will play a role in reducing the amount of unwanted or
malicious software that is able to make it to end-user systems.
HIPS r8 was released last year and costs $40 per seat.