


IDS: Re: Entercept HIDS Question


From: <Johann_van_Duyn_at_bat.com>
Date: Tue, 16 Mar 2004 19:00:13 +0200

... unless you consider what happened to exciting, impressive security
products like the Gauntlet Firewall, CyberCop and PGP after NAI bought
them up and had their way with them. That thought would give me the
heebie-jeebies if my career were to be staked on an installation of
Entercept.

Personally, I'd wait a while and see whether NAI is able to keep the ball
rolling on this one, and not drop it like it did with the aforementioned
products... :-/

Cisco, on the other hand, doesn't have quite the track record that NAI has
when it comes to scr*wing up impressive products.

--------------------------------------------------------
J o h a n n v a n D u y n, CISSP
--------------------------------------------------------
"You can kill a man but you can't kill what he stands for.
 Not unless you first break his spirit.
 That's a beautiful thing to see."
 
 -- Cancer Man, The X-Files

greg gonzalez <greg_at_intercerve.com>
09-03-2004 21:58

To: focus-ids_at_securityfocus.com
cc:
Subject: Re: Entercept HIDS Question

In-Reply-To: <866F7E4F7E1C074BA773BD7FD00F38660860C0_at_aemdmail.aebsinternal.com>

We've used Entercept in several production environments since early 2000.
We have also beta tested several versions of the product since that time,
going back to the days before it was OEM'd by Cisco to the present day NAI
product line. Overall our experience with the product and the company has
been tremendous. There is little, if any, noticeable performance impact
on web, file or SQL servers, and many of our systems are high-volume and
mission critical. The signatures (or exceptions) are indeed highly
"tunable" based upon specific file details, processes, users, groups, etc.

Not sure about some of the previous comments regarding stability, although
it sounds like Entercept's sales org may have dropped the ball in a few
cases. That's too bad. There were some isolated stability issues with
some very early versions, however they were able to work through them and
we've found the current product line to be quite stable, and it has been
for a few years now.

The Entercept management interface is very slick, and can easily handle
larger environments with hundreds or thousands of agents. It's beyond the
scope of this post to get into all of the details of what you can do with
it, but if you are looking for a serious enterprise class HIDS/HIPS
solution I'd definitely recommend taking a closer look...

-greg gonzalez

Received on Mar 17 2004
