IDS mailing list archives

Re: ForeScout ActiveScout


From: Gadi Evron <ge () linuxbox org>
Date: Tue, 11 Jan 2005 12:12:30 +0200

> But one weak point I see in their approach (or their product offering)
> is that they narrowed their intrusion detection scope to only the
> traffic going to the fake place.

Not so. They do give a higher score to traffic going to non-existent IPs - i.e. virtual hosts the machine "acts like they are alive", but the whole methodology we discussed actually works on real IPs.

Seeing someone attack a non-existent IP is always nice, though. ;)

> Recently, I have been exposed to a start-up security company,
> CyberShield Networks. They developed a similar approach to enable
> users to be proactive, but the complete package they offer goes way
> beyond just reporting attacks from the fake place; they cover
> intrusion detection over the entire IP space assigned under their

I don't see how this differs from ActiveScout. Can you provide more details? It sounds very interesting. What do they do?

> protection. Also they implemented a RADAR screen and transformed
> attacks into blips on the RADAR, which makes our security guys' life a
> lot easier as far as sorting out the priorities among the attacks
> reported. Pretty cool stuff.

Cool GUI, being cool, is important for ease of use. It is not, however, what I am looking for in a product.

        Gadi.
