Intrusion Prevention Tools

This is a running list of intrusion prevention tools that I am interested in.

Host Based Intrusion Prevention




From Crunchbase:

“CrowdStrike is a cybersecurity technology firm pioneering next-generation endpoint protection, delivered as a single integrated cloud-based solution. CrowdStrike’s Falcon platform stops breaches by detecting all attack types, even malware-free intrusions, providing five-second visibility across all current and past endpoint activity while reducing cost and complexity for customers. CrowdStrike’s Falcon platform is delivered via the security industry’s only 100% native cloud architecture, integrated with 24/7 managed hunting capabilities and in-house threat intelligence and incident response teams. CrowdStrike’s unique Threat Graph harnesses the cloud to instantly analyze data from billions of endpoint events across a global crowdsource community, allowing detection and prevention of attacks based on patented behavioral pattern recognition technology.”





Endgame runs in the kernel (like CrowdStrike) and detects malicious system behavior using Hardware Assisted Control Flow Integrity (HA-CFI) and Dynamic Binary Instrumentation (DBI). HA-CFI uses the CPU's performance monitoring unit to inspect indirect branches at runtime, so control-flow hijacks such as ROP chains can be caught before the exploit payload runs. It also has a good administrator portal for incident investigation.



Web Browser Protection

This class of security product proxies web browsing so that drive-by downloads are handled away from the endpoint instead of on it.




The Fireglass web proxy protects end users from drive-by downloads by rendering every web page remotely and delivering only an image stream to the browser, so none of the page's active content (scripts, plugins, downloads) ever reaches the endpoint. The end user experience is designed to match ordinary browsing. This is a clean answer to the drive-by download problem that has plagued the internet lately. The caveat a practitioner should keep in mind is that the protection is only as strong as the isolation boundary: the page's code still executes in the remote renderer, and the client still parses the image stream, so those two components become the residual attack surface.

The server side of Fireglass uses Linux LXC containers to contain any malware that runs in a rendering session, so it cannot escape to the host or to other users' sessions.

[Diagram: Fireglass Threat Isolation Platform]