IDS mailing list archives

RE: Symantec Manhunt


From: "Fergus Brooks" <fergusb () evolve-online com>
Date: Fri, 5 Dec 2003 10:26:55 +0800

 

My understanding - and the goalposts seem to have moved around on
this a bit, is what Edward described below - they are also in the
process of glueing the whole lot together using an event management
system that plugs into their SESA framework.

With this you will be able to correlate events from Manhunt (NIDS),
Symantec Host IDS (HIDS) and Decoy Server (DIDS), compare them to actual
Bugtraq reports (hence why they acquired Security Focus) and act on
them accordingly.

One of the reasons for all the name changes is to avoid confusion
about what is SESAed and what isn't.

They are still selling Intruder Alert for HIDS - I believe this is
because there are a lot of clients who run it who are not interested
in moving to the SESA framework just yet. So ITA and SHIDS are the
only real overlapping products.

All the best - regards...


-----Original Message-----
From: edward gonzales [mailto:egon007 () msn com] 
Sent: Friday, 5 December 2003 5:55 AM
To: focus-ids () securityfocus com
Subject: RE: Symantec Manhunt


I wouldn't say illogical.
Decoy server is not a NIDS, it is a honeypot.
Decoy Server (3.1) is the newer version of ManTrap (3.0.x)
HIDS (4.x) is the newer version of ITA (3.x)
Name changes made for the follow-on versions.  They don't overlap. I
can't speak for the other products mentioned below.  I've never used
them.


IMHO...

Man Hunt positives
==================
 - Hybrid detection: signature analysis + anomaly analysis
 - Centralized admin, with *correlation* capabilities
 - Third party event analysis and correlation (Checkpoint, Snort,
   ISS, Tripwire...)
 - ManHunt: SW-NIDS (unix platform) and HW-NIDS (iForce appliance)
 - High availability (HA) support
 - Reporting capabilities

Man Hunt negatives
==================
 - Licen$e (ok, cheaper than ISS and Enterasys, but...)
 - Symantec's portfolio is a mess, illogical:
      * 2x N-IDS: ManHunt, Decoy Server
      * 2x H-IDS: Intruder Alert, HostIDS
      * 2x VA: NetRecon, Vulnerability Assessment
      * Old stuff: NetProwler, ManTrap
   How will it be reorganized? Will Symantec continue with ManHunt?



I hope this helps.
