IDS mailing list archives
Re: Entercept HIDS Question
From: John Bedrick <john_bedrick () nai com>
Date: 9 Mar 2004 02:08:59 -0000
In-Reply-To: <OFEC323AFF.071F29CA-ON85256E51.006AA5E5-85256E51.006B19D0 () sct com>

Network Associates Inc. acquired Entercept in May of 2003.

Dimitri and Zach, I cannot explain why your calls were not returned; certainly that is not the way we conduct business here at Network Associates Inc. and McAfee Security. It would be helpful to understand when this occurred for follow-up purposes. To be sure, we here at Network Associates, Inc. and McAfee Security take pride in making sure that our customers and prospects are well treated.

Josh, as far as the claims of product problems are concerned, I think knowing when would be extremely helpful. What was the version of the product and also what Operating System was it installed on? Feel free to contact me directly to discuss this issue.

Entercept recently underwent rigorous testing at an independent, 3rd party security and IDS/IPS testing organization called The NSS Group (http://www.nss.co.uk/default.htm). The results of this testing are available directly from The NSS Group for all to read; however, I will state for this thread that Entercept earned the right to be called NSS Approved.

Please do not hesitate to contact me on important issues like these. Thank you for your indulgence in letting me post my response.

Regards,
John Bedrick
Group Product Marketing Manager Systems Security
Network Associates, Inc. / McAfee Security
John_Bedrick () nai com

Subject: RE: Entercept HIDS Question
To: Ralph.Chapman () aebs com
Cc: focus-ids () securityfocus com
From: dlimanov () sct com
Date: Mon, 8 Mar 2004 14:27:33 -0500

Our experience was early last year, not sure if it was already part of NAI then.. This said, we had gotten our share of confusion when Cisco bought Okena, especially from Cisco Tech Support not even knowing that Okena StormWatch was now part of their product line. :)

Thanks,
Dimitri

"Ralph H. Chapman" <Ralph.Chapman@aebs.com>
03/04/2004 09:30 PM
To: <focus-ids () securityfocus com>
cc:
Subject: RE: Entercept HIDS Question

I would be interested in hearing when (what time frame) these "horror" stories are coming from. Before or after Entercept was purchased by NAI? Was the "blue screen" incident, as mentioned before, using version 2.5 or 4.1?

Thanks!

________________________________

From: dlimanov () sct com [mailto:dlimanov () sct com]
Sent: Thu 3/4/2004 9:25 AM
To: Zach.Forsyth () kiandra com
Cc: focus-ids () securityfocus com
Subject: RE: Entercept HIDS Question

Same situation here. At the time of evaluation, we contacted Entercept only to give up after two months of silence.. Needless to say, we went with Okena (now Cisco) and are very happy with it. Just like Zach, I had a completely unpatched Windows 2000 box with everything on it in the wild for over three months, protected by Okena - it did not get hacked. This was one of the best real-life tests I ever performed. :)

HTH,
Dimitri

"Zach Forsyth" <Zach.Forsyth@kiandra.com>
03/03/2004 05:39 PM
To: <focus-ids () securityfocus com>
cc:
Subject: RE: Entercept HIDS Question

I have used the Cisco Security Agent (used to be Okena StormWatch) and the product was very good. I wanted to use Entercept but after trying to contact them for over a month I gave up.

To test the agent I put a completely unpatched win2k server out on the internet with the default server agent protecting it. It sat there for a month and was not compromised at all. A few hours after the trial period license for the agent expired the server was hit with SQL Slammer and infected.

I did a lot more testing in the lab and was pleased with the product overall. Unfortunately the client we were looking to deploy the agent for changed their mind and I never got to use it in a real world scenario.

Download the trial and do some internal testing to see what you think.

Cheers
Zach

-----Original Message-----
From: Josh.Berry () compucom com [mailto:Josh.Berry () compucom com]
Sent: Wednesday, 3 March 2004 5:25 AM
To: sam () neuroflux com
Cc: focus-ids () securityfocus com
Subject: RE: Entercept HIDS Question

My company bought Entercept and then immediately removed it from production if that tells you anything. It caused blue screens like crazy, huge performance issues, and blocked an inordinate amount of allowed traffic. This was even in detect only mode.

-----Original Message-----
From: sam () neuroflux com [mailto:sam () neuroflux com]
Sent: Tuesday, March 02, 2004 11:31 AM
To: focus-ids () securityfocus com
Subject: Entercept HIDS Question

Hello..

We are currently in the process of selecting a HIDS based product, and according to the Entercept sales person, they claim that the product has a feature that works very much like Tripwire.

My question here is how much overhead does it add to a server, to watch the filesystem in real time? And, if we already have Tripwire, would their File Integrity checking process be enough to replace Tripwire?

And, if anyone is currently using the Entercept HIDS product, I'm wondering how easily it can be managed (not only from the HIDS piece, but from the file integrity standpoint -- excluding files, creating policies, etc.)

Thanks!
-Sam