Full Disclosure mailing list archives

RE: Affordable Network Behavior Analysis alternatives
From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Wed, 28 Jul 2004 17:16:33 -0500

> My question is simple, are there any other commercial
> out-of-the-box alternatives to QRadar? Something that isn't
> going to cost me >$40,000 to deploy?
>
> All the ones I have seen so far are megabucks (Qradar and
> Arbor Networks). I will be checking out intrusense as soon
> as I can get a demo copy based on everyone else's positive replies.

Lancope and Securify both have appliances that start in the 10k
range. Mazu has a nice offering too, but I'm not sure if they ever
came out with anything affordable for smaller environments (at one
time it was about 120k+ to get in the door if I remember correctly).

Personally I think Stealthwatch is the easiest to configure/tune of
the ones I've seen mentioned above (I've not seen Intrusense's nsight).

Securify has limited protocol validation going for it too, if you don't
already have that in your NIDS. Stealthwatch also has some strong
points like setting ACLs when needed.

Not knowing how many collection points you need, how much
traffic you have (and how easily you can aggregate it) it's hard
to say whether or not you can get by on one 10k appliance.

Good luck, and sorry for the auto-disclaimer that will be attached
to my email as soon as it leaves my mail server,

Arian Evans
Sr. Security Engineer
FishNet Security

KC Office:  816.421.6611
Direct: 816.701.2045
Toll Free:  888.732.9406
Fax:  816.474.0394

