IDS mailing list archives
RE: Symantec Manhunt
From: Troy Pressley <Troy_Pressley () advantechsolutions com>
Date: Fri, 5 Dec 2003 14:38:13 -0500
A few other notes to take into account.

- SESA (Symantec Enterprise Security Architecture) needs its own dedicated server IMHO and the minimum requirements for it are not Small Big Processor and lots of Memory. SESA is a beast of its own, and has had a few gotchas in its early inception. (i.e.: Complete reinstall instead of updates with earlier changes)
- Decoy Server is the ManTrap Product from Recourse, which were also the original owners of ManHunt.
- HIDS with SESA is not a simple product to deploy. Once you have SESA under control, setting up the HIDS policies is tedious.

Just my .02 cents.

-T

-------------------------------------------------------------
Troy E. Pressley
Senior Systems Engineer
Advantech Solutions
1410 N. Westshore Blvd. Suite 600
Tampa, FL 33607
813.207.8654
-------------------------------------------------------------

-----Original Message-----
From: Johann van Duyn [mailto:Johann_van_Duyn () bat com]
Sent: Friday, December 05, 2003 8:54 AM
To: Hernansanz Daniel
Cc: Duston Sickler; focus-ids () securityfocus com
Subject: RE: Symantec Manhunt

Daniel,

Regarding the Symantec product portfolio:

(It can be a bit confusing, but I talk to Symantec fairly often, so I have an idea as to what their products do. I currently use quite a few of their products, and have done so in previous jobs, too.)

ManHunt and Decoy Server perform very different functions. ManHunt = NIDS; Decoy Server = Honeypot. There is actually a difference there. :-)

HIDS is the "new" Intruder Alert... it will eventually completely replace ITA on all platforms. This gives us 1 H-IDS. :-)

NetRecon is a network-based vulnerability scanner, while Vulnerability Assessment is an agent-based vulnerability assessor. (VA looks at the machine from the inside, NetRecon looks at the machine from the outside.) :-)

(What does get a bit blurry is the difference between ESM and VA, since VA seems to be little more than ESM from a "vulnerability enumeration" point of view. If I were a Symantec employee, I would hurt a product manager or two until they merge ESM and VA.)

NetProwler is no more. ManTrap is now called Decoy Server, just like Raptor is now called Symantec Enterprise Firewall and PowerVPN is now called Symantec Enterprise VPN. :-)

Hope this elucidates things a bit.

Cheers

--------------------------------------------------------
J o h a n n v a n D u y n, CISSP
IT Risk and Security Manager: British American Tobacco South Africa
Stellenbosch, South Africa
Tel. +27 (21) 8883765
Cel. +27 (82) 3248035
Fax. +27 (21) 8883587
eFax. +1 (509) 2785044
E:mail: johann_van_duyn () bat com
--------------------------------------------------------
"Very funny, Scotty... Now beam down my clothes!" -- Captain Kirk (unconfirmed)

"Hernansanz Daniel" <dhernansanz () alava net>
04-12-2003 11:50
To: focus-ids () securityfocus com
cc: "Duston Sickler" <dustons () charter net>, (bcc: Johann van Duyn/Stellenbosch/ZA/BATCo)
Subject: RE: Symantec Manhunt
The company I work for is looking into Symantec Manhunt IDS. As part of my research I was hoping anyone in this list familiar with this product could give me some of the positive and negatives of this IDS.
IMHO...

Man Hunt positives
==================
- Hybrid detection: signature analysis + anomaly analysis
- Centralized admin, with *correlation* capabilities
- Third party event analysis and correlation (Checkpoint, Snort, ISS, Tripwire...)
- ManHunt: SW-NIDS (unix platform) and HW-NIDS (iForce appliance)
- High availability (HA) support
- Reporting capabilities

Man Hunt negatives
==================
- Licen$e (ok, cheaper than ISS and Enterasys, but...)
- Symantec's portfolio is a mess, illogical:
  * 2x N-IDS: ManHunt, Decoy Server
  * 2x H-IDS: Intruder Alert, HostIDS
  * 2x VA: NetRecon, Vulnerability Assessment
  * Old stuff: NetProwler, ManTrap

How will it be reorganized? Will Symantec continue with ManHunt?

I hope this helps.