Re: Considering nSight, any opinions?

["J.A. Terranson" <measl () mfn org>]

On Thu, 28 Jul 2005, Jason Heschel wrote:

> Hi list,
>
> I tried sending this to a SecurityFocus list but I think everyone's at
> Blackhat or something. :)
>
> We've spent the last few weeks evaluating nSight (www.intrusense.com).
> It's been very helpful in identifying exactly what, when and who is
> eatting up all of our internal network bandwdith as well expose some
> 'strange' internal network behavior which was causing some
> intermittent problems with our Windows hosts.  Anyways, we're now
> considering making a purchase.
>
> I'm curious to hear any opinions, problems or praise people have for
> this software. Does it scale well? It seems to collect a lot of
> information. How does it perform after collecting several months worth
> of data?

While I'm not familiar with this product itself, this sounds like a
knockoff of the Arbor product - which I LOVE, but which even the worlds
largest NSPs cringe at in terms of price.  If you have rudimentary shell
scripting skills with just a touch of C, you can easily roll your own
using netflow records.  Barring that, this class of software provides
useful information and I recommend them (by class) as "must have's" to any
medium or larger network.


HTH,

//Alif
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/