
Re: IDS: COTS intrusion detectors


Robert Graham (robert_david_graham@yahoo.com)
Thu, 9 Sep 1999 11:41:29 -0700 (PDT)


FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner@uow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo@uow.edu.au
---------------------------------------------------------------------------

--- "Endler, David S" <David.S.Endler@usa.xerox.com> wrote:
> Hi all,
> 	I'm interested if anyone could share their opinions and experience
> (bad and good) with this mailing list and compare/praise/flame the following
> COTS ID solutions in an enterprise setting.
> 
> 
> Network Associates Cybercop Monitor
> ISS Real Secure 
> ODS Networks CMDS
> Axent Intruder Alert/Net Prowler
> Cisco Netranger
> 
> It seems they each claim close to the same thing of monitoring both host
> data (except netranger) and network traffic. I'm interested in enterprise
> wide solutions (addressing hosts and networks) with nice GUI
> monitoring/reporting etc. so have purposely left out NFR. 

Um. You might want to try BlackICE and ICEcap from Network ICE (the company I work for). It is sold as an enterprise suite consisting of as many network-based, host-based, and console components as you need, priced on a per-host basis.

I think it has all the features that you describe:

- both host-based and network-based versions
- scalable reporting system handling thousands of agents from a single console
- centralized install/update from the console
- SQL backend for the console (unfortunately, the "GUI" is web-based)
- I think it is the only system that provides host-based agents for Win9x machines
- extreme ease of use (it actually bothers people that it doesn't require a reboot after installation)
- massive signature recognition (a list of the 275 intrusions it finds can be found at http://advice.networkice.com/advice/intrusions)

The easiest way to evaluate it is to buy/download a single host-based copy for your own machine. It's $39 from http://www.networkice.com for the end-node version. Run scanners, nmap, etc. against it and see what it pops up with. Of course, this won't demonstrate the enterprise-wide reporting, but you could contact sales@networkice.com or come by our booth at Interop (S031).

Rob.

===
Robert Graham
"Anxiously awaiting the millennium so I can start programming dates with 2-digits again."

__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com



This archive was generated by hypermail 2.0b3 on Fri Sep 10 1999 - 02:44:53 CDT