IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Entercept HIDS Question

From: Johann_van_Duyn () bat com
Date: Tue, 16 Mar 2004 19:00:13 +0200
... unless you consider what happened to exciting, impressive security 
products like the Gauntlet Firewall, CyberCop and PGP after NAI bought 
them up and had their way with them. That thought would give me the 
heebie-jeebies if my career were to be staked on an installation of 
Entercept. 

Personally, I'd wait a while and see whether NAI is able to keep the ball 
rolling on this one, and not drop it like it did with the aforementioned 
products... :-/

Cisco, on the other hand, doesn't have quite the track record that NAI has 
when it comes to scr*wing up impressive products.

--------------------------------------------------------
J o h a n n   v a n   D u y n, CISSP
--------------------------------------------------------
"You can kill a man but you can't kill what he stands for. 
 Not unless you first break his spirit. 
 That's a beautiful thing to see."
 
                                                                 -- Cancer 
Man, The X-Files





greg gonzalez <greg () intercerve com>
09-03-2004 21:58

 
        To:     focus-ids () securityfocus com
        cc: 
        Subject:        Re: Entercept HIDS Question


In-Reply-To: 
<866F7E4F7E1C074BA773BD7FD00F38660860C0 () aemdmail aebsinternal com>

We've used Entercept in several production environments since early 2000. 
We have also beta tested several versions of the product since that time, 
going back to the days before it was OEM'd by Cisco to the present day NAI 
product line.  Overall our experience with the product and the company has 
been tremendous.  There is little, if any, noticeable performance impact 
on web, file or SQL servers, and many of our systems are high-volume and 
mission critical.  The signatures (or exceptions) are indeed highly 
"tunable" based upon specific file details, processes, users, groups, etc.



Not sure about some of the previous comments regarding stability, although 
it sounds like Entercept's sales org may have dropped the ball in a few 
cases.  That's too bad.  There were some isolated stability issues with 
some very early versions, however they were able to work through them and 
we've found the current product line to be quite stable, and it has been 
for a few years now.



The Entercept management interface is very slick, and can easily handle 
larger environments with hundreds or thousands of agents.  It's beyond the 
scope of this post to get into all of the details of what you can do with 
it, but if you are looking for a serious enterprise class HIDS/HIPS 
solution I'd definitely recommend taking a closer look...



-greg gonzalez


______________________________________________________________________
Confidentiality Notice: The information in this document and attachments is confidential and may also be legally 
privileged.  It is intended only for the use of the named recipient.  Internet communications are not secure and 
therefore British American Tobacco does not accept legal responsibility for the contents of this message.  If you are 
not the intended recipient, please notify us immediately and then delete this document.  Do not disclose the contents 
of this document to any other person, nor take any copies.  Violation of this notice may be unlawful.
______________________________________________________________________

---------------------------------------------------------------------------
Test your IDS

Is your IDS deployed correctly?
Find out by easily testing it with real-world attacks from CORE IMPACT.

Visit: 
www.coresecurity.com/promos/sf_eids1 to learn more.
---------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: