IDS mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Symantec Manhunt

From: "edward gonzales" <egon007 () msn com>
Date: Thu, 04 Dec 2003 13:55:10 -0800
I wouldn't say illogical.
Decoy server is not a NIDS, it is a honeypot.
Decoy Server (3.1) is the newer version of ManTrap (3.0.x)
HIDS (4.x) is the newer version of ITA (3.x)
Name changes made for the follow on versions.  They don't overlap.
I can't speak for the other products mentioned below.  I've never used them



IMHO...

Man Hunt positives
==================
 - Hibryd detection: signature analysis + anomaly analysis
 - Centralized admin, with *correlation* capabilities
 - Third party event analysis and correlation (Checkpoint, Snort, ISS,
Tripwire...)
 - ManHunt: SW-NIDS (unix platform) and HW-NIDS (iForce appliance)
 - High availibility (HA) support
 - Reporting capabilities

Man Hunt negatives
==================
 - Licen$e (ok, cheaper than ISS and Enterasys, but...)
 - Symantec's portfolio is a mess, illogical:
        * 2x N-IDS: ManHunt, Decoy Server
        * 2x H-IDS: Intruder Alert, HostIDS
        * 2x VA: NetRecon, Vulnerability Assessment
        * Old stuff: NetProwler, ManTrap
   How will it be reorganized? Will Symantec continue with ManHunt?



I hope this helps.

---------------------------------------------------------------------------
---------------------------------------------------------------------------



_________________________________________________________________
Don’t worry if your Inbox will max out while you are enjoying the holidays. Get MSN Extra Storage! http://join.msn.com/?PAGE=features/es 


---------------------------------------------------------------------------
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: