Firewall Wizards mailing list archives
Re: ??? vs blackice -reply
From: Robert Graham <robert_david_graham () yahoo com>
Date: Thu, 23 Mar 2000 10:31:07 -0800 (PST)
--- Mark.Teicher () predictive com wrote:
What I meant in the previous message was that NetworkICE cannot be placed in the same category as ISS RealSecure or NFR IDA 4.01. These products address completely different segments of the IDS product space.
Hhhmm. Apparently you haven't used BlackICE Sentry yet. The Sentry version does the following: * promiscuous packet capture * over 400 signatures * full stateful protocol analysis * centralized mgmt/reporting * etc. In Greg Shiply's review at http://www.nwc.com/1023/1023f19.html, you can see the performance of the network engine when compared with alternatives. Moreover, the "full stateful analysis" means the signatures are much more robust. For example, we have only one signature for a POP3 buffer overflow in the user name field, whereas other products have as many as 20. We have several customers who have thrown out RealSecure and replaced with BlackICE Sentry because: * Sentry handles higher traffic rates * Sentry has extensive anti-evasion capabilities (reassembles packets, handles all whisker evasions, etc.) * Sentry has dramatically fewer false positives (a lot of customers end up paying a lot for RealSecure, then stop using it because they are drowned in meaningless alerts). * Its explanation of alerts is much better than the X Force stuff. What feature is BlackICE Sentry missing such that you don't put it in the same category?
NetworkICE Lockdown 2000 Bonzi Intruder are addressing the personal firewall and personal IDS space while
Uh, no. Lockdown2000 and Bonzi Intruder are neither firewalls or real IDSs. They are port monitors like Nukenabber. They contain zero packet filtering capabilities. In contrast, BlackICE Defender is currently the market leader in personal firewalls. Both Defender and Sentry make use of the same underlying IDS engine, but please don't confuse one for the other. Robert Graham CTO/Network ICE __________________________________________________ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com
Current thread:
- Re: ??? vs blackice Robert Graham (Mar 21)
- <Possible follow-ups>
- Re: ??? vs blackice -reply Robert Graham (Mar 28)
- Re: ??? vs blackice -reply Mark . Teicher (Mar 28)
- RE: ??? vs blackice -reply Mark . Teicher (Mar 29)
- RE: ??? vs blackice -reply Cotter, David (Mar 29)
- RE: ??? vs blackice -reply LaPane, Mike (Mar 29)