Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Alex Arndt (aarndthome.com)
Date: Wed Nov 21 2001 - 22:26:42 CST
First off, I'll go on record as saying SR (Silent Runner) is not an IDS, but
rather a network traffic analysis tool with advanced monitoring capabilities
(i.e. - session reconstruction, stateful collection of application data,
That being said, the product delivers. There are some considerations,
predominately scope of monitoring, that need to be addressed before you can
deploy it effectively but they are not insurmountable.
I've seen first-hand how effective SR at rebuilding web traffic (right down
to the graphics embedded in accessed HTML documents), but I can assure you
that SR is not meant to replace a Network IDS - Rather it should be used to
compliment one and help with increased monitoring during the RESPONSE phase
of the Incident Handling process.
Of course, these are simply my own personal observations and opinions, so
take them any way you please... ;)
BTW, feel free to hit me up off-list if you want more specifics!
Alex Arndt, GCIA
"Within all order is the potential for chaos..."
From: Ascent - Compton, Richard [mailto:RComptonascent-corp.com]
Sent: Wednesday, November 21, 2001 1:18 PM
Subject: What do you think of Silent Runner
I'm considering purchasing a product called Silent Runner. Is anyone here
using it? Hate it/love it? Useful/useless? Please let me know.