RE: Entercept HIDS Question

["Zach Forsyth" <Zach.Forsyth () kiandra com>]

I have used the cisco security agent (use to be okena stormwatch) and
the product was very good.
I wanted to use entercept but after trying to contact them for over a
month I gave up.

To test the agent I put a completely unpatched win2k server out on the
internt with the default server agent protecting it.
It sat their for a month and was not compromised at all.
A few hours after the trial period license for the agent expired the
server was hit with sql slammer and infected.

I did a lot more testing in the lab and was pleased with the product
overall.
Unfortunately the client we were looking to deploy the agent changed
their mind and I never got to use it in as real world scenario.
Download the trial and do some internal testing to see what you think.

Cheers

Zach

> -----Original Message-----
> From: Josh.Berry () compucom com [mailto:Josh.Berry () compucom com] 
> Sent: Wednesday, 3 March 2004 5:25 AM
> To: sam () neuroflux com
> Cc: focus-ids () securityfocus com
> Subject: RE: Entercept HIDS Question
>
> My company bought Entercept and then immediately removed it 
> from production if that tells you anything.  It caused 
> blue-screen's like crazy, huge performance issues, and 
> blocked an inordinate amount of allowed traffic.  This was 
> even in detect only mode.
>
> -----Original Message-----
> From: sam () neuroflux com [mailto:sam () neuroflux com]
> Sent: Tuesday, March 02, 2004 11:31 AM
> To: focus-ids () securityfocus com
> Subject: Entercept HIDS Question
>
> Hello..  We are currently in the process of selecting a HIDS 
> based product, and according to the Entercept sales person, 
> they claim that the product has a feature that works very 
> much like Tripwire.
>
> My question here, is how much overhead does it add to a 
> server, to watch the filesystem in real time?  And, if we 
> already have Tripwire, would their File Integrity checking 
> process be enough to replace Tripwire?
>
> And, if anyone is currently using the Entercept HIDS product, 
> I'm wondering how easily it can be managed (not only from the 
> HIDS piece, but from the file integrity standpoint -- 
> excluding files, creating policies,
> etc.)
>
> Thanks!
> -Sam
>
>
>
> --------------------------------------------------------------
> ----------
> ---
> Free 30-day trial: firewall with virus/spam protection, URL 
> filtering, VPN, wireless security
>
> Protect your network against hackers, viruses, spam and other 
> risks with Astaro Security Linux, the comprehensive security 
> solution that combines six applications in one software 
> solution for ease of use and lower total cost of ownership.
>
> Download your free trial at
> http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
> --------------------------------------------------------------
> ----------
> ---
>
>
>
>
> --------------------------------------------------------------
> -------------
> Free 30-day trial: firewall with virus/spam protection, URL 
> filtering, VPN,
> wireless security
>
> Protect your network against hackers, viruses, spam and other 
> risks with Astaro
> Security Linux, the comprehensive security solution that combines six
> applications in one software solution for ease of use and 
> lower total cost of
> ownership.
>
> Download your free trial at 
> http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
> --------------------------------------------------------------
> -------------


---------------------------------------------------------------------------
Free 30-day trial: firewall with virus/spam protection, URL filtering, VPN,
wireless security

Protect your network against hackers, viruses, spam and other risks with Astaro
Security Linux, the comprehensive security solution that combines six
applications in one software solution for ease of use and lower total cost of
ownership.

Download your free trial at
http://www.securityfocus.com/sponsor/Astaro_focus-ids_040301
---------------------------------------------------------------------------