It's the first time I'm hearing of that. Can you give a few examples of good ones that run on Linux?
Just from my few minutes of research I found these options:
Here's an updated list that includes both commercial and open-source EDR (Endpoint Detection and Response) solutions with HIPS (Host Intrusion Prevention System) capabilities for Linux:
1. CrowdStrike Falcon
Cloud-native endpoint protection platform with EDR, antivirus, threat intelligence, and HIPS. Uses machine learning, behavioral analysis, and real-time indicators of attack (IOAs) to detect threats.
- Support: Offers 24/7 support with various service tiers.
- Price: Subscription-based pricing; costs vary based on features and number of endpoints.
- License: Commercial.
2. SentinelOne
Autonomous EDR with AI-powered behavioral-based threat detection, automated response actions, and HIPS. Provides visibility into endpoint activity and can roll back malicious actions.
- Support: Provides support with different service levels depending on the subscription tier.
- Price: Subscription-based pricing; details are available upon request.
- License: Commercial.
3. Elastic Security (formerly Elastic Endpoint Security)
Combines EDR capabilities with the Elasticsearch platform for real-time visibility, threat hunting, and response. Includes HIPS and integrates with the Elastic Stack for log analysis and SIEM functions.
- Support: Community and commercial support options available.
- Price: Free and open-source core functionality; commercial features and support are available with subscription.
- License: Apache 2.0 for the Elasticsearch platform; Elastic Endpoint Security is commercial.
4. Sophos Intercept X for Linux
Provides advanced threat protection with EDR, HIPS, and anti-ransomware technology. Includes root cause analysis and automated investigation capabilities.
- Support: Offers various support options depending on the subscription level.
- Price: Subscription-based pricing; details are available upon request.
- License: Commercial.
5. Carbon Black (now part of VMware)
VMware Carbon Black Cloud Endpoint Standard offers continuous behavioral monitoring, EDR, and HIPS. Designed for threat hunting and response with a cloud-native architecture.
- Support: Support options vary by subscription tier.
- Price: Subscription-based pricing; costs are available upon request.
- License: Commercial.
6. Palo Alto Networks Cortex XDR
Integrates endpoint, network, and cloud data to stop sophisticated attacks. Includes EDR, HIPS, and advanced analytics for threat detection and response.
- Support: Offers different levels of support based on the subscription.
- Price: Subscription-based pricing; details are available upon request.
- License: Commercial.
7. F-Secure Protection for Linux Workstations
Provides antivirus, HIPS, and other security features specifically for Linux workstations. Designed to protect against known and unknown threats.
- Support: Offers support with different service levels.
- Price: Pricing is available upon request.
- License: Commercial.
8. Endgame
An EDR platform that provides advanced threat hunting and response capabilities with HIPS. Designed to detect and stop sophisticated attacks, including fileless malware and zero-day threats.
- Support: Support options are available with the subscription.
- Price: Subscription-based pricing; details are available upon request.
- License: Commercial.
9. OSSEC
Open-source host-based intrusion detection system (HIDS) that includes some HIPS features. It performs log analysis, file integrity monitoring, policy monitoring, rootkit detection, and active response.
- Support: Community support through forums and documentation; commercial support is available from third-party vendors.
- Price: Free and open-source.
- License: Open Source (BSD License).
10. Wazuh
Open-source security monitoring and threat detection platform that is compatible with OSSEC. It offers EDR capabilities and HIPS, and integrates with Elasticsearch for advanced analytics and visualization.
- Support: Community support through forums, documentation, and paid professional support options.
- Price: Free and open-source.
- License: Open Source (Apache License 2.0).
When considering open-source solutions like OSSEC and Wazuh, it's important to note that while they are free to use, they may require more hands-on configuration and management compared to commercial products...
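To make concrete what the "file integrity monitoring" capability listed for OSSEC and Wazuh actually does, here is a small added example (not code from the thread, OSSEC, or Wazuh) of the core mechanism: hash every regular file under a directory into a baseline, rescan later, and report which files were added, removed, or modified (content hash or permission bits changed). The function names, the temporary directory layout, and the tampered files are all constructed for the demonstration.

```python
"""Minimal file-integrity monitor, added here to illustrate the syscheck-style
feature the OSSEC/Wazuh entries describe. Not their code; names are assumed."""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each regular file under root (POSIX-style relative path) to its
    SHA-256 and permission bits. Symlinks are skipped so a link pointing
    outside the monitored tree is never followed."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = Path(dirpath) / name
            if full.is_symlink() or not full.is_file():
                continue
            rel = full.relative_to(root).as_posix()
            # 0o7777 keeps the setuid/setgid/sticky bits, not just rwx.
            baseline[rel] = {"sha256": hash_file(full), "mode": full.stat().st_mode & 0o7777}
    return baseline


def compare_baseline(old: dict, new: dict) -> dict:
    """Classify differences between two baselines into added/removed/modified."""
    old_keys, new_keys = set(old), set(new)
    modified = sorted(
        p for p in old_keys & new_keys
        if old[p]["sha256"] != new[p]["sha256"] or old[p]["mode"] != new[p]["mode"]
    )
    return {
        "added": sorted(new_keys - old_keys),
        "removed": sorted(old_keys - new_keys),
        "modified": modified,
    }


def demo() -> dict:
    """Constructed scenario: baseline a small tree, tamper with it, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "tool").write_bytes(b"\x7fELF-constructed-binary")
        os.chmod(root / "bin" / "tool", 0o755)
        before = build_baseline(root)

        # Simulated changes between scans: one file edited, one removed,
        # one added, and one binary given the setuid bit.
        (root / "etc" / "passwd").write_text(
            "root:x:0:0:root:/root:/bin/bash\nbackup:x:1001:1001::/home/backup:/bin/sh\n"
        )
        (root / "etc" / "hosts").unlink()
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "job").write_text("* * * * * root /usr/local/bin/job\n")
        os.chmod(root / "bin" / "tool", 0o4755)
        after = build_baseline(root)
        return compare_baseline(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

A real HIDS persists the baseline somewhere the monitored host cannot silently rewrite (a remote manager, as OSSEC and Wazuh do), rescans on a schedule or via inotify, and raises alerts on the reported differences; the "active response" mentioned above is what runs on top of such an alert.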