Intrusion Detection Systems mailing list archives

RE: Axent IDS tools

From: "Sanchez-Cherry, Kevin" <Kevin.Sanchez-Cherry () nasd com>
Date: Wed, 02 Aug 2000 10:13:50 -0400

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
-----------------------------------------------------------------------------
My company currently has Intruder Alert, I evaluated ESM, and one of the
other engineers is testing NetProwler.  There is integration between ITA,
ESM and NetProwler, but I don't have any experience with NetRecon.  I
personally liked ESM, because it is an out-of-the-box solution, even if you
wanted to use other custom policies, you can still have monitoring while
working on them.  I think ESM will work best, depending on how much you want
to monitor, to put the agents on your PDCs and BDCs to monitor the user
accounts.  If you wanted monitoring at the user level, beyond the accounts
on the domain controllers, then you can put agents on each users desktop.
The only thing you have to do while testing is check for system resource
usage. That is going to be the killer if an agent suddenly uses 95% of CPU
time every time it is turned on.  I had that problem with ITA on 1 users
desktop.

-----Original Message-----
From: John G Taylor [mailto:john_g_taylor () cgu com au]
Sent: Wednesday, August 02, 2000 3:15 AM
To: ids () uow edu au
Subject: IDS: Axent IDS tools


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicted mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
----------------------------------------------------------------------------
-
Hi,

I'm currently investigating IDS tools.  Has anyone used the Axent tool sets
before?

I'm looking at 
        NetRecon
        Enterprise Security Manager
        Netprowler

I know there is some cross over in what can be done but if anyone has had
exposure to these products I'd be glad to here from you.

The NetRecon product seems quite good.

thanks,

John Taylor

Current thread:

Axent IDS tools John G Taylor (Aug 02)
- Re: Axent IDS tools Talisker (Aug 03)
- <Possible follow-ups>
- RE: Axent IDS tools Sanchez-Cherry, Kevin (Aug 03)