CA Host-Based Intrusion Prevention

I deployed the CA Host-Based Intrusion Prevention System in “verbose” mode so that I could see the local console. It can be deployed silently and with no local user interface. Notice that the firewall, intrusion prevention and operating system protection modules are also installed (see “POLICY INFORMATION,” lower left).

The CA HIPS management server uses an application repository to define application files, the trust status of those applications and other application characteristics that are used to generate whitelisting policy.

On the management server, IT staff can see up-to-date notifications of host activity.

CA HIPS reports boil down the event notification data from large groups of machines into meaningful chunks.

Managers can see at a glance if client systems have the latest version of firewall, IPS, application repository and OS protection policies in place on the client’s activity screen. However, the activity log can become bloated with operational notices that make it harder to find red flags.

Setting baseline inbound/outbound policy was a snap with CA HIPS (in yellow), which, along with the monitoring policy, allowed me to get a picture of normal activity on our monitored clients’ systems before implementing more stringent lockdown requirements.