IDS mailing list archives
Intrushield User Experiences Warts 'n' All
From: "Andy Cuff" <lists () securitywizardry com>
Date: Mon, 25 Apr 2005 19:43:04 +0100
Hi List Members I was wondering if anyone could enlighten me with their experiences with Intrushield IPS, especially in a large environment. I'm especially interested in (marketeers need not reply): How easy is it to tune? What are the false positive rates like? Can you write custom signatures? How easy is it to update, both signatures and appliance patches? How frequently do you receive signature updates? Does it provide sufficient information for an analyst to resolve an event? Does it do packet capture: a. per event? b. rolling? c. how easy is it to recover said packets? What is the support like? Value Added? Good points? Bad Points? Those more important points that I can't remember right now? I realise I can get much of the above from the website, but I would like to hear it from the horses mouth, from practitioners in the field. Regards Andy Cuff Chief Technology Officer Computer Network Defence Ltd http://SecurityWizardry.com Phone (+44) (0) 7968 608945 -------------------------------------------------------------------------- Stop hurting your network! The NeVO passive vulnerability sensor continuously finds vulnerabilities, applications and new hosts without the need for network scanning. It also finds compromised systems with application-based intrusion detection. Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more. --------------------------------------------------------------------------
Current thread:
- Intrushield User Experiences Warts 'n' All Andy Cuff (Apr 27)
- RE: Intrushield User Experiences Warts 'n' All Ed Gibbs (Apr 27)
- Re: Intrushield User Experiences Warts 'n' All david kuhlman (Apr 29)
- <Possible follow-ups>
- RE: Intrushield User Experiences Warts 'n' All Brian Smith (Apr 27)