RE: Experiences with company nCircle and their IP360 product

From: Glenn D Fournier (gdf_bah_at_comcast.net)
Date: 11/24/05

  • Next message: BSK: "Identifying whether 2 IPs are from the same server" 
    To: "Bongers, Coen" <coen.bongers@logicacmg.com>, <pen-test@securityfocus.com>
Date: Thu, 24 Nov 2005 08:52:34 -0500

    I was part of a team that evaluated a number of vulnerability management
    products for use within a major government agency. The products evaluated
    were nCircle IP360, Foundstone, and Tenable's Lightning Console. From the
    initial discussions with vendors, nCircle seemed to be very promising, until
    we visited another agency that used the product. Bandwidth consumption was
    very high, throttling of the tool could alleviate this problem, but
    depending on the size of the network, this would translate into an excessive
    amount of time to conduct scanning. Also, nCircle was basically an "always
    on" product. Scans could not be paused or suspended, short of isolating the
    scanner from the network.

    In the long run, our team decided on Foundstone, which has been
    disappointing since we have implemented it. My personal choice was Tenable,
    and I would still prefer it over nCircle or Foundstone.

    -----Original Message-----
    From: Bongers, Coen [mailto:coen.bongers@logicacmg.com]
    Sent: Wednesday, November 23, 2005 8:25 AM
    To: pen-test@securityfocus.com
    Subject: Experiences with company nCircle and their IP360 product

    <Message to moderator: I cross-posted this message, because it might be
    an interessting issue for both lists>

    Hello people,

    As a lurking list-user I have allready seen a lot of good information on
    these mailing lists. But now I would like to fire-off a question myself;

    Does any of the listmembers have any experience with the security
    company nCircle and their products? Their product IP360 in particular
    has my interest.

    The SanFrancisco and Londen based company has some interesting products
    for vulnerabillity management and Intrusion Detection. I've met with
    representatives of nCircle at some security-fairs in the past and they
    strike me as very professional and capable people. Also their products
    seem qualitative to me.

    Last weeks I've followed a discussion on best pen-test tools on these
    mailing lists, but I cannnot remember seeing anything about nCircle's
    products.

    So, any input on experience with their products and with the company
    (European office) would be appriciated.

    Possible subjects (amongst others) for response could be;

            -Easo of implementation
            -Ease-of-use
            -Support quality and speed
            -Missing features / unique features
            -Ease of integreation with other systems
            -Portabillity to other networks
            -etc

    Met vriendelijke groet / with kind regards,

    Coen Bongers

    Security Consultant

    ________________________________________

    LogicaCMG

    * Coen.Bongers@logicacmg.com <mailto:Coen.Bongers@logicacmg.com>

    Website: http://www.logicacmg.com <http://www.logicacmg.com/>

    ________________________________________________________________________
    ________________________________________________________________________
    ____________________________________________________

    The information contained in this email and its attachments (if any) is
    confidential and may be legally privileged. It is intended solely for
    the use of the individual or entity to whom it is addressed and others
    authorised to receive it. If you are not the intended recipient you are
    hereby notified that any disclosure, copying, distribution or action in
    reliance of the contents of this information is strictly prohibited and
    may be unlawful. LogicaCMG is neither liable for the proper and complete
    transmission of the information contained in this email nor for any
    delay in its receipt. If received in error, please contact LogicaCMG on
    +31 (0)40 295 77 77 quoting the name of the sender and the addressee and
    then delete it from your system. LogicaCMG does not accept any
    responsibility for viruses and it is your responsibility to scan the
    email and attachments.

    ________________________________________________________________________
    ________________________________________________________________________
    ____________________________________________________

    This e-mail and any attachment is for authorised use by the intended
    recipient(s) only. It may contain proprietary material, confidential
    information and/or be subject to legal privilege. It should not be copied,
    disclosed to, retained or used by, any other party. If you are not an
    intended recipient then please promptly delete this e-mail and any
    attachment and all copies and inform the sender. Thank you.

    ---------------------------------------------------------------------------- 

    --
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers
do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
  • Next message: BSK: "Identifying whether 2 IPs are from the same server"

    Relevant Pages

    • RE: 3rd party vuln assesment firms
      ... > "We use the same tools hackers bring to bear against your systems. ... >> I'm looking for a firm to conduct annual 3rd party vulnerability ... Up to 75% of cyber attacks are launched on shopping ... >> your website for vulnerabilities to SQL injection, ...
      (Pen-Test)
    • Re: Hacking to Xp box
      ... I think there was a misunderstanding in the firewall point: ... you need to find some vulnerability that could be ... > restricts most of the attacks that use anonymous connections. ... > Audit your website security with Acunetix Web Vulnerability ...
      (Pen-Test)
    • RE: PT Activity duration/time
      ... Vulnerability Assessment ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ...
      (Pen-Test)
    • Re: Hacking to Xp box
      ... I think there was a misunderstanding in the firewall point: ... you need to find some vulnerability that could be exploited to run ... > restricts most of the attacks that use anonymous connections. ... > Audit your website security with Acunetix Web Vulnerability Scanner: ...
      (Pen-Test)
    • RE: Penetration test of 1 IP address
      ... Before I do anything very intrusive I personally go to the website ... Also remember once you have found a vulnerability, ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping ...
      (Pen-Test)