Host based IDS Reports

["Teicher, Mark (Mark)" <teicher () avaya com>]

After evaluating the vendors that were prominently mentioned in Magic
Quadrant for Personal Firewalls, 1H03 - By John Girard, it appears that
reporting has taken a back seat.
I have examined a majority of the report functionality in each of the
products mentioned and did not find useful report that was presentable
enough to executive management for them to understand.
Or in some cases, was printable directly from the management server.  

Other products included the ability to send out the log files to syslog
or utilize 3rd party products (i.e. WebSense, or EiqNetworks Firewall
Reporter).  

Attempting to provide ROI cost savings to executive management is highly
dependent on the various products to provide useful and understandable
reporting.

Providing the ability to send events up to Symantec DeepSight would be
such an improvement.

Crystal Reports is nice, and is an alternative that vendors have used in
order to make their software release dates, but there other vendors who
have some very interesting reporting engine and shows their calibre in
establishing themselves as the forefront of presenting the right
information to executive management to justify their spending of
megadough on an enterprise solution


Thoughts, comments, rants, raves, suggestions for a geek who preaches
from the corner soapbox.. :)


/cheer and happy holidays to all  

---------------------------------------------------------------------------
---------------------------------------------------------------------------