Re: IDS evaluation

From: alan shimel (ashimel@latis.com)
Date: 08/23/02


Date: 22 Aug 2002 22:05:52 -0000
From: alan shimel <ashimel@latis.com>
To: focus-ids@securityfocus.com


In-Reply-To: <010f01c24a21$9b6ec7e0$0200a8c0@fateloki>

I have been watching this thread with some amusement. As a general rule
I never mention my company and products but since it seems to be OK for
this thread I really think you should take a look at the Border Guard
product by Latis. It incorporates snort, has multi-sensor management,
MySQL, automatic rule updates and firewall connection built in. A ton of
other features that make it a no-brainer for any snort admin. I would
welcome any feedback from any of the snort fans out there. I follow the
IDS market closely and frankly don't see anything that even comes close.
If after having a look anyone wants to kick the tires yourselves let me
know and I will send you a free trial.

Sorry if I offended anyone with the blatant commercialism but if you
can't beat'em, join'em!

Alan Shimel
VP of Business Development, Latis Networks, Inc.
ashimel@latis.com

>From: "Loki" <loki@fatelabs.com>
>To: <focus-ids@securityfocus.com>
>Subject: Re: IDS evaluation
>Date: Thu, 22 Aug 2002 17:19:31 -0400
>Message-ID: <010f01c24a21$9b6ec7e0$0200a8c0@fateloki>
>
>For you snort admins out there who have been wanting to get out of the
>web-based Snort monitoring environment, Applied Watch Technologies is
>going to soon announce its release of the Vigilad Command Center, the
>world's first true, OS-native Security Information Management (SIM)
>system for the Snort IDS. It has distributions for Windows, Mac, Unix,
>and Linux platforms. It is currently being evaluated by the Department
>of Defense and will soon be offered for home/non-commercial users as
>well. Our web site is located at http://www.appliedwatch.com.
>
>Stefan, this might serve as an alternative to centralized monitoring of
>your Snort IDS agents should you choose that route.
>
>Regards,
>Eric Hines
>
>
>=====================================================
>Eric Hines
>CTO, President
>Applied Watch Technologies
>-----------------------------------------------------
>[w] http://www.appliedwatch.com
>[e] ehines@appliedwatch.com
>[p] (412) 303-3115
>-----------------------------------------------------
>[a] Applied Watch Technologies
> 149 Rossmor Court
> Pittsburgh, PA. 15229
>-----------------------------------------------------
>This transmission may contain information that is
>privileged, confidential and/or exempt from disclosure
>under applicable law. If you are not the intended
>recipient, you are hereby notified that any disclosure,
>copying, distribution, or use of the information
>contained herein (including any reliance thereon) is
>STRICTLY PROHIBITED. If you received this transmission
>in error, please immediately contact the sender and
>destroy the material in its entirety, whether in
>electronic or hard copy format. Thank you.
>
>=====================================================
>
>-----Original Message-----
>From: Stefan Dens [mailto:Stefan.dens@pandora.be]
>Sent: Thursday, August 22, 2002 12:36 PM
>To: focus-ids@securityfocus.com
>Subject: Re: Re: IDS evaluation
>
>
>Hi,
>
>>I'm a Snort fan but deploying 12 of them with central management needs
>>good expertise and multi-tool gluing skills.
>
>I'm also a snort fan but deploying 12 sensors with a central management
>is easy. Take a look at SnortCenter http://users.pandora.be/larc , it is
>a complete management system to manage remote snort sensors. Next week
>there will be a new version available with a lot of new features. The
>new version will also work on Linux, *BSD, Solaris & Windows.
>
>And the best of all it's free under GPL license
>
>Regards,
>Stefan Dens
>
>------------------------
> Saad Kadhi <bsdguy@docisland.org> wrote:
>------------------------
>On Wed, Aug 21, 2002 at 04:04:07PM -0400, Elijah Savage wrote:
>>> I am coming to you experts for a little help. It has come time to
>>> renew our maintenance contract with Cisco; we have the old NetRanger
>>> product. Well my company wants me to do a review of 3 products of my
>>> choice to see what other products may provide us a better solution
>>> than what we currently have. We have 12 IDS sensors currently. Can
>>> you all recommend 3 products that will be worth my time to take a
>>> look at?
>>If central management/event correlation is what you need then my list
>>would be:
>>1. Enterasys Dragon
>>2. Cisco Secure IDS
>>3. ISS
>>
>>However, the new appliances from Cisco that promise better performance
>>than Dragon (among other things) are still vaporware at this time.
>>
>>I'm a Snort fan but deploying 12 of them with central management needs
>>good expertise and multi-tool gluing skills.
>>
>>--
>>Saad Kadhi
>>[pgp keyid: 35592A6D http://pgp.mit.edu]
>>[pgp fingerprint: BF7D D73E 1FCF 4B4F AF63 65EB 34F1 DBBF 3559 2A6D]
>># booth slave for hire
>
>
>


