Intrusion Detection Systems mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Assessment tools/Scanners

From: gshipley () neohapsis com (Greg Shipley)
Date: Fri, 8 Oct 1999 12:48:36 -0500 (CDT)



On Fri, 8 Oct 1999, Staggs, Michael wrote:


Good day all. In response to the below comment concerning NAI's CyberCop
licensing model... The current canned agreement is based upon the number of
nodes present on the licencee's network. Mr Shipley is quite correct when he
opines (pardon the paraphrase, sir) that this model can be a real headache
at times.

However, please note that NAI sales personnel have the lattitude to change
this standard agreement on the terms and conditions of sale. They can make
that license say node, network, subnet, host, connections, even days of the
week- anything that is mutually agreeable to both parties.


Huh.  Interesting.  I'd love to be introduced to such a sales person,
because here, in Chicago, this was SPECIFICALLY STATED as NOT an option by
my "Chicago" sales rep.  I was told:

NAI: "Cybercop Scanner is licensed on a per-node basis."
Me: "You mean per-server I want to scan?"
NAI: "No, on how many nodes you have on your network"
Me: "Well suppose I have 100 servers and 2,600 desktops?  I don't want to
     scan my desktops."
NAI: "It will cost x/per node."
Me: "So what happens if I have 100 servers and 500 desktops?"
NAI: "Then the cost is reduced to y/per node."
Me: "Doesn't that seem sort of silly?  I'm not going to scan my desktops,
I'm just going to scan my servers..."
NAI: "That's just the way it is."
Me: "So basically this is licensed the same way as your virus scanner?"
NAI: "Correct"
Me: "Is there anyway around this?"
NAI: "No."
 
So how big does one have to be before such flexibility is demonstrated?

Thanks,

-Greg
Previous By Date Next
Previous By Thread Next

Current thread: