IDS mailing list archives
Re: Entercept HIDS Question
From: Johann_van_Duyn () bat com
Date: Tue, 16 Mar 2004 19:00:13 +0200
... unless you consider what happened to exciting, impressive security products like the Gauntlet Firewall, CyberCop and PGP after NAI bought them up and had their way with them. That thought would give me the heebie-jeebies if my career were to be staked on an installation of Entercept. Personally, I'd wait a while and see whether NAI is able to keep the ball rolling on this one, and not drop it like it did with the aforementioned products... :-/ Cisco, on the other hand, doesn't have quite the track record that NAI has when it comes to scr*wing up impressive products. -------------------------------------------------------- J o h a n n v a n D u y n, CISSP -------------------------------------------------------- "You can kill a man but you can't kill what he stands for. Not unless you first break his spirit. That's a beautiful thing to see." -- Cancer Man, The X-Files greg gonzalez <greg () intercerve com> 09-03-2004 21:58 To: focus-ids () securityfocus com cc: Subject: Re: Entercept HIDS Question In-Reply-To: <866F7E4F7E1C074BA773BD7FD00F38660860C0 () aemdmail aebsinternal com> We've used Entercept in several production environments since early 2000. We have also beta tested several versions of the product since that time, going back to the days before it was OEM'd by Cisco to the present day NAI product line. Overall our experience with the product and the company has been tremendous. There is little, if any, noticeable performance impact on web, file or SQL servers, and many of our systems are high-volume and mission critical. The signatures (or exceptions) are indeed highly "tunable" based upon specific file details, processes, users, groups, etc. Not sure about some of the previous comments regarding stability, although it sounds like Entercept's sales org may have dropped the ball in a few cases. That's too bad. There were some isolated stability issues with some very early versions, however they were able to work through them and we've found the current product line to be quite stable, and it has been for a few years now. The Entercept management interface is very slick, and can easily handle larger environments with hundreds or thousands of agents. It's beyond the scope of this post to get into all of the details of what you can do with it, but if you are looking for a serious enterprise class HIDS/HIPS solution I'd definitely recommend taking a closer look... -greg gonzalez ______________________________________________________________________ Confidentiality Notice: The information in this document and attachments is confidential and may also be legally privileged. It is intended only for the use of the named recipient. Internet communications are not secure and therefore British American Tobacco does not accept legal responsibility for the contents of this message. If you are not the intended recipient, please notify us immediately and then delete this document. Do not disclose the contents of this document to any other person, nor take any copies. Violation of this notice may be unlawful. ______________________________________________________________________ --------------------------------------------------------------------------- Test your IDS Is your IDS deployed correctly? Find out by easily testing it with real-world attacks from CORE IMPACT. Visit: www.coresecurity.com/promos/sf_eids1 to learn more. ---------------------------------------------------------------------------
Current thread:
- RE: Entercept HIDS Question, (continued)
- RE: Entercept HIDS Question Zach Forsyth (Mar 03)
- RE: Entercept HIDS Question dlimanov (Mar 04)
- RE: Entercept HIDS Question Josh.Berry (Mar 08)
- RE: Entercept HIDS Question Ralph H. Chapman (Mar 08)
- RE: Entercept HIDS Question dlimanov (Mar 08)
- Re: Entercept HIDS Question greg gonzalez (Mar 12)
- Re: Entercept HIDS Question counterveil (Mar 12)
- RE: Entercept HIDS Question simonis (Mar 12)
- Re: Entercept HIDS Question John Bedrick (Mar 12)
- RE: Entercept HIDS Question Ralph H. Chapman (Mar 15)
- Re: Entercept HIDS Question Johann_van_Duyn (Mar 16)