IDS mailing list archives
RE: Symantec Manhunt
From: "Fergus Brooks" <fergusb () evolve-online com>
Date: Fri, 5 Dec 2003 10:26:55 +0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My understanding - and the goalposts seem to have moved around on this a bit, is what Edward described below - they are also in the process of glueing the whole lot together using an event management system that plugs into their SESA framework. With this you will be able to correlate events from Manhunt (NIDS), Symantec Host IDS (HIDS), Decoy Server (DIDS), compare them to actual Bugtraq reports (hence why they acquired Security Focus) and act on them accordingly.

One of the reasons for all the name changes is to avoid confusion about what is SESAed and what isn't. They are still selling Intruder Alert for HIDS - I believe this is because there are a lot of clients who run it who are not interested in moving to the SESA framework just yet. So ITA and SHIDS are the only real overlapping products.

All the best - regards...

- -----Original Message-----
From: edward gonzales [mailto:egon007 () msn com]
Sent: Friday, 5 December 2003 5:55 AM
To: focus-ids () securityfocus com
Subject: RE: Symantec Manhunt

I wouldn't say illogical. Decoy server is not a NIDS, it is a honeypot.

Decoy Server (3.1) is the newer version of ManTrap (3.0.x)
HIDS (4.x) is the newer version of ITA (3.x)

Name changes made for the follow on versions. They don't overlap. I can't speak for the other products mentioned below. I've never used them
IMHO...

Man Hunt positives
==================
- Hybrid detection: signature analysis + anomaly analysis
- Centralized admin, with *correlation* capabilities
- Third party event analysis and correlation (Checkpoint, Snort, ISS, Tripwire...)
- ManHunt: SW-NIDS (unix platform) and HW-NIDS (iForce appliance)
- High availability (HA) support
- Reporting capabilities

Man Hunt negatives
==================
- Licen$e (ok, cheaper than ISS and Enterasys, but...)
- Symantec's portfolio is a mess, illogical:
  * 2x N-IDS: ManHunt, Decoy Server
  * 2x H-IDS: Intruder Alert, HostIDS
  * 2x VA: NetRecon, Vulnerability Assessment
  * Old stuff: NetProwler, ManTrap

How will it be reorganized? Will Symantec continue with ManHunt?

I hope this helps.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBP8/s7+p3R5ex94NLEQKwvACdFpl+LuPPW2GP7K6aBVhywIAvg1oAoM7S
m/Cn3uuw4M1SKUdtGLp0TZwz
=8WTW
-----END PGP SIGNATURE-----
Current thread:
- RE: Symantec Manhunt Fergus Brooks (Dec 01)
- <Possible follow-ups>
- RE: Symantec Manhunt Mariusz Burdach (Dec 02)
- RE: Symantec Manhunt Hernansanz, Daniel (Dec 04)
- RE: Symantec Manhunt edward gonzales (Dec 04)
- RE: Symantec Manhunt Fergus Brooks (Dec 05)
- RE: Symantec Manhunt Johann van Duyn (Dec 05)
- RE: Symantec Manhunt simonis (Dec 05)
- RE: Symantec Manhunt Troy Pressley (Dec 05)