RE: Entercept HIDS Question

• Previous message: George Capehart: "Re: Is IDS/IPS worthless?"
• Maybe in reply to: sam_at_neuroflux.com: "Entercept HIDS Question"
• Next in thread: gatekeeper: "Re: Entercept HIDS Question"
• Reply: gatekeeper: "Re: Entercept HIDS Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <sam@neuroflux.com>
Date: Tue, 2 Mar 2004 12:25:05 -0600

My company bought Entercept and then immediately removed it from
production if that tells you anything. It caused blue-screen's like
crazy, huge performance issues, and blocked an inordinate amount of
allowed traffic. This was even in detect only mode.

-----Original Message-----
From: sam@neuroflux.com [mailto:sam@neuroflux.com]
Sent: Tuesday, March 02, 2004 11:31 AM
To: focus-ids@securityfocus.com
Subject: Entercept HIDS Question

Hello.. We are currently in the process of selecting a HIDS based
product, and according to the Entercept sales person, they claim that
the
product has a feature that works very much like Tripwire.

My question here, is how much overhead does it add to a server, to watch
the filesystem in real time? And, if we already have Tripwire, would
their File Integrity checking process be enough to replace Tripwire?

And, if anyone is currently using the Entercept HIDS product, I'm
wondering how easily it can be managed (not only from the HIDS piece,
but
from the file integrity standpoint -- excluding files, creating
policies,
etc.)

Thanks!
-Sam

------------------------------------------------------------------------

---
Free 30-day trial: firewall with virus/spam protection, URL filtering,
VPN,
wireless security
Protect your network against hackers, viruses, spam and other risks with
Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total
cost of
ownership.
Download your free trial at 
http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security
Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.
Download your free trial at 
http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
---------------------------------------------------------------------------

• Previous message: George Capehart: "Re: Is IDS/IPS worthless?"
• Maybe in reply to: sam_at_neuroflux.com: "Entercept HIDS Question"
• Next in thread: gatekeeper: "Re: Entercept HIDS Question"
• Reply: gatekeeper: "Re: Entercept HIDS Question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]