RE: Top IPS vendors - please read for invitation to Network World review.

• Previous message: klaus.dombrofsky_at_degussa.com: "IDS and portscan-detection"
• Maybe in reply to: Chan Kien Eng: "RE: Top IPS vendors - please read for invitation to Network World review."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 28 Aug 2003 08:55:52 -0500
To: "dodo" <ro_dodo@hotmail.com>, "Andrew Plato" <aplato@anitian.com>, <talisker@networkintrusion.co.uk>

et al,

> You forgot the one of the newest: www.forescout.com

I wouldn't call their product Host IPS, if you are responding to
the request below.

It's definitely a network product; not sure IPS is right; it's more
about blocking traffic based upon identification of recon, sending
fake responses, etc. It's something you'd throw out on your
extended edge and help cut down on what gets past that....
e.g.-reduce firewall and IDS traffic/logs. Has pretty reports.

Not sure where I'd really put it. It's definitely a step above
TCP-reset technology but it sure won't scrub directed attack
traffic so IPS doesn't seem to fit.

Pentasafe/now/NetIQ VSAWS is Host IPS. Part tripwire part
HTTP traffic sanitization.

Cheers,

Arian Evans
Sr. Security Engineer
FishNet Security

Phone: 816.421.6611
Toll Free: 888.732.9406
Fax: 816.421.6677

http://www.fishnetsecurity.com

note: Microsoft Office XP breaks text-based
email by default.

Turn off the "remove extra line breaks" located
at |Tools|Options|Email Options if this formats
incorrectly.
#
#----- Original Message -----
#From: "Andrew Plato" <aplato@anitian.com>
#To: <focus-ids@securityfocus.com>
#Cc: <talisker@networkintrusion.co.uk>
#Sent: Wednesday, August 27, 2003 3:41 AM
#Subject: Re: Top IPS vendors - please read for invitation to
#Network World
#review.
#
#
#>What I am very interested in would be a good list of Host Intrusion
#>Prevention Systems - it's something I've been meaning to tackle for
#some
#>time for inclusion on the site, some are on my Host IDS page
#.......I've
#>been concentrating on providing salient details on security training
#courses
#>recently sadly letting IDS and scanners slip.
#

The information transmitted in this e-mail is intended only for the addressee and may contain confidential and/or privileged material.
Any interception, review, retransmission, dissemination, or other use of, or taking of any action upon this information by persons or entities
other than the intended recipient is prohibited by law and may subject them to criminal or civil liability. If you received this communication
in error, please contact us immediately at 816.421.6611, and delete the communication from any computer or network system.

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the world’s premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com
---------------------------------------------------------------------------

• Previous message: klaus.dombrofsky_at_degussa.com: "IDS and portscan-detection"
• Maybe in reply to: Chan Kien Eng: "RE: Top IPS vendors - please read for invitation to Network World review."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]