RE: Affordable Network Behavior Analysis alternatives
From: "Evans, Arian" <Arian.Evans () fishnetsecurity com>
Date: Wed, 28 Jul 2004 17:16:33 -0500
> My question is simple, are there any other commercial
> out-of-the-box alternatives to QRadar? Something that isn't
> going to cost me >$40,000 to deploy?
> All the ones I have seen so far are megabucks (Qradar and
> Arbor Networks). I will be checking out intrusense as soon
> as I can get a demo copy based on everyone else's positive replies.
Lancope and Securify both have appliances that start in the 10k
range. Mazu has a nice offering too, but I'm not sure if they ever
came out with anything affordable for smaller environments (at one
time it was about 120k+ to get in the door if I remember correctly).
Personally I think Stealthwatch is the easiest to configure/tune of
the ones I've seen mentioned above (I've not seen Intrusense's nsight).
Securify has limited protocol validation going for it too, if you don't
already have that in your NIDS. Stealthwatch also has some strong
points like setting ACLs when needed.
Not knowing how many collection points you need, how much
traffic you have (and how easily you can aggregate it) it's hard
to say whether or not you can get by on one 10k appliance.
Good luck, and sorry for the auto-disclaimer that will be attached
to my email as soon as it leaves my mail server,
Sr. Security Engineer
KC Office: 816.421.6611
Toll Free: 888.732.9406
Full-Disclosure - We believe in it.