Re: ForeScout ActiveScout

From: Gadi Evron (ge_at_linuxbox.org)
Date: 01/11/05

  • Next message: avi chesla: "Re: newbie quetsions"
    Date: Tue, 11 Jan 2005 12:12:30 +0200
    To: dywzh dywzh <zhihen.wang@gmail.com>
    
    

    > But one weak point I see in their approach (or their product offering)
    > is that they narrowed their intrusion detection scope to only on those
    > traffics going to the fake place.

    Not so. They do give higher score to traffic going to non-existent IP's
    - i.e. virtual hosts the machine "acts like they are alive", but the
    whole methodology we discussed actually works on real IP's.

    Seeing someone attack a non-existent IP is always nice, though. ;)

    > Recently, I have been exposed to a start-up security company,
    > CyberShield Networks. They developed a similar approach to enable
    > users being proactive, but the complete package they offer goes way
    > beyond just reporting attacks from the fake place, they cover
    > intrusion detection over the entire IP space assigned under their

    I don't see how this differs from ActiveScout. Can you provide more
    details? It sounds very interesting. What do they do?

    > protection. Also they implemented a RADAR screen and transformed
    > attacks into blips on the RADAR, that makes our security guys life a
    > lot easier as far as sorting out the priorities among the attacks
    > reported. Pretty cool stuff.

    Cool GUI, being cool, is important for ease of use. It is not, however,
      what I am looking for in a product.

            Gadi.

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------


  • Next message: avi chesla: "Re: newbie quetsions"