The CA Host-Based Intrusion Prevention System (CA HIPS) combines three technologies into a single endpoint protection application: a standalone firewall for the examination and control of both inbound and outbound network traffic; intrusion detection--the identification of known threats; and intrusion prevention--the ability to react to or block threats (including detected behavior-based anomalies). The platform is centrally managed via a Windows-based server component, with each endpoint running a client component that receives policy information from the server and sends client event information back to the server for administrator monitoring, compliance reporting, and forensic purposes. Both the server and client components target Windows-based computers (2000/XP/2003; see the vendor for current details), and the vendor notes that the platform has been designed and tested for compatibility with their existing Integrated Threat Management offerings--including eTrust PestPatrol Anti-Spyware Corporate Edition, eTrust Antivirus, and eTrust Secure Content Manager. Additionally, the vendor states that CA HIPS is "...designed to complement other vendor's anti-spyware and anti-virus products."
CA HIPS incorporates technology obtained by CA through their acquisition of TINY Software in 2005.
A key feature of the product is its ability to analyze the behavior of applications running on the endpoints, which enables the creation of policies that control an application based on those behaviors. Facilitating the creation of such control policies is the product's ability to "learn" the behavior of individual machines or groups of machines and detect anomalies from that learned behavior. Because of this ability to recognize anomalous behavior, the vendor bills the platform as able to protect the endpoints from zero-day attacks. When such potentially malicious or unknown behavior is identified, administrator-defined policies can react by preventing the action, or by restricting the application's ability to communicate over the network until the application can be more fully examined.
The platform can leverage information from an LDAP directory or Microsoft Active Directory, allowing the creation of policies that apply to individual users, groups of users, computer groups (laptops, servers, devices), or specific security mechanisms (firewall, IPS, or IDS), with enough granularity that policies can be applied to certain users when they are in specific roles or locations. According to the vendor, policies determine what traffic is appropriate, what applications can communicate, and what behaviors and access rights will be allowed on individual systems, including the rights to access specific devices on the endpoints, such as USB devices.
The platform is primarily managed by the administrator via a central server; however, a client GUI is also provided, allowing the end user to see and modify CA HIPS defensive measures on their machine, provided the administrator has allowed the end user to do this. As noted above, the central server also collects events that occur on endpoint machines, and filtering tools and pre-configured graphical reports on the server enable administrators to examine this collected information. If the endpoint is not connected to the server, its events will be cached until it can next establish a connection; the client component continues to operate while disconnected from the server.
CA HIPS is expected to be available Monday, February 12th in Global English; the vendor notes that French, Italian, German, Spanish, Brazilian Portuguese and Simplified Chinese versions are expected by the end of March. Pricing starts at $40 per seat.
Contact CA for further information.