Third Brigade Seminar

I went to a seminar put on by Third Brigade on Thursday. It was a good summary regarding the need for HIPS (Host-Based Intrusion Prevention Software). I also got some hands-on lab time with their product.
I agree with them that their product is lightweight and takes less time to deploy than other products like CSA or McAfee HIPS. I am concerned about whether it will work in our environment. Or I should say, in a heterogeneous environment where everyone is a local admin, I wonder if any HIPS work. Our users already don’t like the limited changes they are allowed by the current personal firewall. This product won’t allow them to whitelist anything in the packet filter, but still allows them to disable it completely. And of course ultimately, I want a HIPS product to protect against zero-day attacks. It is my opinion that this product can’t do that. I expect to be doing an eval install in a couple of months, so that is something I’ll be verifying.
HIPS products have a high pain potential, and are thus likely to turn into shelfware. That is something I don’t think would happen with the Third Brigade product. I think this product would improve our level of protection and give us much greater reporting than what we see now.