IDS mailing list archives
RE: Network hardware IPS
From: Ron Gula <rgula () tenablesecurity com>
Date: Thu, 02 Oct 2003 11:15:45 -0400
At 11:22 AM 9/30/2003 -0500, Davis, Scott L wrote:
Anybody have any experience or feedback on the IntruShield product, especially since being acquired by NAI? They gave my company a sales pitch yesterday. They claim a "92% reduction in false positives". Of course the sales guy could not tell me what that was a reduction of, whether over their own previous products or a specific manufacturer, what type of environment etc. He did throw Greg's name and Neohapsis around quite a bit, to the point of quoting Greg as thinking the IntruShield 4000 is the best inline product in their market space. So any feedback, especially anything Mr. Shipley may feel comfortable adding, would be greatly appreciated.
Tenable just added support for IntruSheild in our Lightning Console. This can get you a large reduction of non-interesting events by correlating events from NAI's sensor with known vulnerabilities as well as allowing a lot of different individuals to see the IntruSheild events for just their networks. Having done an IDS before, I will say IntruSheild should be on everyone's list to look at, as they have done a lot of very good things. If you are the type of NIDS fellow who likes to tweak signatures and SSH into your box to check the logs, it's not for you. However, all of the customers I've talked with are happy with their Intrusheild's performance and report less overall events than with their previous NIDS. Ron Gula, CTO Tenable Network Security http://www.tenablesecurity.com --------------------------------------------------------------------------- Captus Networks IPS 4000Intrusion Prevention and Traffic Shaping Technology to: - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans
- Automatically Control P2P, IM and Spam Traffic - Precisely Define and Implement Network Security & Performance PoliciesFREE Vulnerability Assessment Toolkit - WhitePapers - Live Demo http://www.securityfocus.com/sponsor/CaptusNetworks_focus-ids_000101
---------------------------------------------------------------------------
Current thread:
- RE: Network hardware IPS Davis, Scott L (Oct 02)
- Re: Network hardware IPS Stefano Zanero (Oct 06)
- <Possible follow-ups>
- Re: Network hardware IPS Darren Bolding (Oct 02)
- Re: Network hardware IPS Alvin Wong (Oct 02)
- Re: Network hardware IPS Ravi Kumar (Oct 02)
- Re: Network hardware IPS Alvin Wong (Oct 02)
- Re: Network hardware IPS Ravi Kumar (Oct 06)
- RE: Network hardware IPS Ron Gula (Oct 02)
- Re: Network hardware IPS Gary Flynn (Oct 06)
- Re: Network hardware IPS david maynor (Oct 07)
- Re: Network hardware IPS Gary Flynn (Oct 08)
- Re: Network hardware IPS Gary Flynn (Oct 06)
- RE: Network hardware IPS Dave Killion (Oct 07)
- Re: Network hardware IPS Stefano Zanero (Oct 07)
- RE: Network hardware IPS david maynor (Oct 08)
- RE: Network hardware IPS Dave Killion (Oct 07)
- Re: Network hardware IPS Stefano Zanero (Oct 07)
- Re: Network hardware IPS George W. Capehart (Oct 08)
- RE: Network hardware IPS Dave Killion (Oct 08)