Re: IDS Management/SIM Systems

From: Mike Coliton (mcolitontwmi.rr.com)
Date: Tue Jun 17 2003 - 11:29:59 CDT


As a non-vendor but an integrator whose core clients are a few large
companies (i.e., non-partial bystander), neuSecure by Guardednet really
tested well. You might want to check them out.

----- Original Message -----
From: <eric.hinesappliedwatch.com>
To: <focus-idssecurityfocus.com>
Cc: <mayankncb.ernet.in>
Sent: Tuesday, June 17, 2003 10:26 AM
Subject: IDS Management/SIM Systems

> Mayank,
>
> If I am understanding you correctly, you are talking about a Security
> Information Management System that integrates monitoring capabilities of
> Intrusion Detection Systems beyond SNMP traps. Several SIM systems exist out
> there, just to name a few:
>
> 1. eSecurity, Inc.
> 2. Arcsight
> 3. Net Forensics
>
> And for my favorite point in the email, our own vendor plug. Our SIM is the
> first of its kind, OS-native system for monitoring the Snort IDS, ripping
> users from the web browser to the Desktop. We are a first to market SIM system
> dedicated to open-source security solutions, providing upcoming support for
> Snort-Inline, Prelude, PF, IPchains, etc. For more information,
> http://www.appliedwatch.com will allow you access to download the software.
>
> It really depends on what you are looking to do. I guess I need more
> understanding of your environment, and instead of "what if the company is doing
> this" sort of questions, could you possibly tell us exactly what it is you want
> to do and what is set up there? What IDS are you using and why concern for SNMP
> for management? Is this the only alerting/management protocol your IDS
> supports?
>
> From what I read from your email, your company currently outsources the
> monitoring of your network and you now want to do your own IDS monitoring
> in-house in conjunction with what they are doing to augment the efforts?
>
> Please advise.
>
> Regards,
> Eric Hines
> CEO, Chairman
> Applied Watch Technologies, Inc.
> http://www.appliedwatch.com
> Toll Free: (877) 262-7593
>
>
>
>
>
> From: Mayank-Bhatnagar [mailto:mayankncb.ernet.in]
> Sent: Friday, June 13, 2003 10:21 AM
> To: focus-idssecurityfocus.com
> Subject: IDS and NMS
>
>
> hi folks,
>
> Well there is this issue that I would like to put to the group.
> "Requirement of an interface of an IDS with an already installed Network
> Management System".
>
> Let me state it like this: if we have a managed IDS product it might have its
> own management console and its own configurations, server etc.
>
> However an organisation which is running a NMS might wish to incorporate IDS,
> its features on the NMS itself and might not wish to invest on another
> Management Console.
>
> There are some products like HP OpenView which incorporate IDS in their
> feature set. But this scenario is different in the sense that one has built a
> NMS and also provided IDS functionality using SNMP. The other case is where an
> independent IDS solution (independent of SNMP), getting incorporated in a NMS.
>
> How much is this a viable solution or whether such requirement could exist, and
> if yes, what could be implications of same?
> As far as I know, top notch IDS products don't have any integration with NMS,
> Some do send traps (which could be a minimal part of IDS ie sending alerts to
> IDS management console as well as NMS)
>
> Hope I am clear enough.....
>
> Waiting for some views......
>
> thanks and regards,
> Mayank