From: Alex Arndt (aarndthome.com)
Date: Wed Nov 21 2001 - 22:26:42 CST


    Hi,

    First off, I'll go on record as saying SR (Silent Runner) is not an IDS, but
    rather a network traffic analysis tool with advanced monitoring capabilities
    (i.e. - session reconstruction, stateful collection of application data,
    etc.).

    That being said, the product delivers. There are some considerations,
    predominately scope of monitoring, that need to be addressed before you can
    deploy it effectively but they are not insurmountable.

    I've seen first-hand how effective SR is at rebuilding web traffic (right
    down to the graphics embedded in accessed HTML documents), but I can assure
    you that SR is not meant to replace a Network IDS - rather, it should be
    used to complement one and help with increased monitoring during the
    RESPONSE phase of the Incident Handling process.

    Of course, these are simply my own personal observations and opinions, so
    take them any way you please... ;)

    BTW, feel free to hit me up off-list if you want more specifics!

    Alex Arndt, GCIA

    "Within all order is the potential for chaos..."

    -----Original Message-----
    From: Ascent - Compton, Richard [mailto:RComptonascent-corp.com]
    Sent: Wednesday, November 21, 2001 1:18 PM
    To: focus-idssecurityfocus.com
    Subject: What do you think of Silent Runner

    Hello,
    I'm considering purchasing a product called Silent Runner. Is anyone here
    using it? Hate it/love it? Useful/useless? Please let me know.

    Thanks,
    Rich