IDS mailing list archives

RE: Symantec Manhunt

From: "Hernansanz, Daniel" <dhernansanz () alava net>
Date: Thu, 4 Dec 2003 10:50:47 +0100

The company I work for is looking into Symantec Manhunt IDS.  As part

of my

research I was hoping anyone in this list familiar with this product

could

give me some of the positive and negatives of this IDS.


IMHO...

Man Hunt positives
==================
 - Hibryd detection: signature analysis + anomaly analysis
 - Centralized admin, with *correlation* capabilities
 - Third party event analysis and correlation (Checkpoint, Snort, ISS,
Tripwire...)
 - ManHunt: SW-NIDS (unix platform) and HW-NIDS (iForce appliance)
 - High availibility (HA) support
 - Reporting capabilities

Man Hunt negatives
==================
 - Licen$e (ok, cheaper than ISS and Enterasys, but...)
 - Symantec's portfolio is a mess, illogical: 
        * 2x N-IDS: ManHunt, Decoy Server
        * 2x H-IDS: Intruder Alert, HostIDS
        * 2x VA: NetRecon, Vulnerability Assessment
        * Old stuff: NetProwler, ManTrap
   How will it be reorganized? Will Symantec continue with ManHunt?



I hope this helps.

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Current thread:

RE: Symantec Manhunt Fergus Brooks (Dec 01)
- <Possible follow-ups>
- RE: Symantec Manhunt Mariusz Burdach (Dec 02)
- RE: Symantec Manhunt Hernansanz, Daniel (Dec 04)
- RE: Symantec Manhunt edward gonzales (Dec 04)
  - RE: Symantec Manhunt Fergus Brooks (Dec 05)
- RE: Symantec Manhunt Johann van Duyn (Dec 05)
- RE: Symantec Manhunt simonis (Dec 05)
- RE: Symantec Manhunt Troy Pressley (Dec 05)