IDS mailing list archives
Re: ForeScout ActiveScout
From: Gadi Evron <ge () linuxbox org>
Date: Tue, 11 Jan 2005 12:12:30 +0200
But one weak point I see in their approach (or their product offering) is that they narrowed their intrusion detection scope to only on those traffics going to the fake place.
Not so. They do give higher score to traffic going to non-existent IP's - i.e. virtual hosts the machine "acts like they are alive", but the whole methodology we discussed actually works on real IP's.
Seeing someone attack a non-existent IP is always nice, though. ;)
Recently, I have been exposed to a start-up security company, CyberShield Networks. They developed a similar approach to enable users being proactive, but the complete package they offer goes way beyond just reporting attacks from the fake place, they cover intrusion detection over the entire IP space assigned under their
I don't see how this differs from ActiveScout. Can you provide more details? It sounds very interesting. What do they do?
protection. Also they implemented a RADAR screen and transformed attacks into blips on the RADAR, that makes our security guys life a lot easier as far as sorting out the priorities among the attacks reported. Pretty cool stuff.
Cool GUI, being cool, is important for ease of use. It is not, however, what I am looking for in a product.
Gadi. -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly?Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------
Current thread:
- ForeScout ActiveScout Brent Stackhouse (Jan 07)
- Re: ForeScout ActiveScout Gadi Evron (Jan 08)
- Re: ForeScout ActiveScout Brent Stackhouse (Jan 08)
- Re: ForeScout ActiveScout Gadi Evron (Jan 10)
- Re: ForeScout ActiveScout Brent Stackhouse (Jan 08)
- <Possible follow-ups>
- RE: ForeScout ActiveScout Carey, Steve T GARRISON (Jan 08)
- Re: ForeScout ActiveScout dywzh dywzh (Jan 10)
- Re: ForeScout ActiveScout Brent Stackhouse (Jan 10)
- Re: ForeScout ActiveScout Gadi Evron (Jan 12)
- Re: ForeScout ActiveScout Erik F (Jan 12)
- Re: ForeScout ActiveScout Gadi Evron (Jan 08)