RE: Gartner is Dead, nCircle, Fusion,asset-correlation--was-->False positives, negatives and don't cares

["Evans, Arian" <Arian.Evans () fishnetsecurity com>]

dcdave,

# Anyone else seen Silent Runner in this light?

My two discussion issues (of which I only covered one) were:

(a)  correlate security events to vuln posture+asset value metrics.
(b)  deal with encrypted channels of communication.

I don't see Silent Runner solving for either of those issues.

Silent Runner is kind of an odd duck. I would comment more,
but I just hit their site and looks like they've changed some things
(at least marketing) since I last looked at it. I've got install CDs
and now they are "appliance based". </zip>

I think as I mentioned in a previous thread, that Securify, Lancope,
Mazu, and Arbor have offerings of varying maturity on the policy
and protocol police space. I see this space as a primary Silent
Runner value, but I believe the first three vendors I mentioned do
this in a superior fashion. (I don't know Arbor well enough to pass
judgement on their solution.)

nCircle and ISS have some SE to VP correlation *right now*.
Sourcefire looks like they're right around the corner with it. I'm
not aware that Silent Runner has anything that solves this need.

Silent Runner suffers from the same issues dealing w/encrypted
channels that any promiscuious network traffic collector suffers
from. (If there's some new magic in Silent Runner I'm not aware
of, somebody clue me hard.)

Cheerios,

Arian Evans
Sr. Security Engineer
FishNet Security

Phone:  816.421.6611
Toll Free:  888.732.9406
Fax:  816.421.6677

http://www.fishnetsecurity.com

note: Text email is not Office XP friendly. Turn off the "remove
extra line breaks" located at |Tools|Options|Email Options if
it formats incorrectly. Why break text-based email by default?
Ask Microsoft.

The information transmitted in this e-mail is intended only for the addressee and may contain confidential and/or 
privileged material. 
Any interception, review, retransmission, dissemination, or other use of, or taking of any action upon this information 
by persons or entities
other than the intended recipient is prohibited by law and may subject them to criminal or civil liability. If you 
received this communication 
in error, please contact us immediately at 816.421.6611, and delete the communication from any computer or network 
system.



---------------------------------------------------------------------------
Captus Networks - Integrated Intrusion Prevention and Traffic Shaping
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
 - Automatically Control P2P, IM and Spam Traffic
 - Ensure Reliable Performance of Mission Critical Applications
Precisely Define and Implement Network Security and Performance Policies
**FREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo
Visit us at: http://www.captusnetworks.com/ads/31.htm
---------------------------------------------------------------------------