Intrusion Detection Systems mailing list archives

RE: RE: Info needed to compare Axent ITA and ISS RealSecure


From: charrington () axent com (Chad Harrington)
Date: Wed, 5 Jul 2000 12:16:20 -0400


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au
Let me clarify:

Axent's predecessor, Raxco, was formerly Clyde Digital, which came out with
Audit for VMS (host-based IDS) in the late '70s / early '80s.  The person
who wrote it, Rob Clyde, is still at Axent.  The Audit product later became
Intruder Alert.  Axent's Intruder Alert, which holds 75% of the world-wide
host-based IDS market share (IDC numbers, not ours), has been around since
the early '90's.  This is all documented in Rebecca Gurley Bace's recent
book, Intrusion Detection.  I think those who have commented are thinking of
NETWORK-based IDS, not both types of IDS.  As was noted, the NetProwler
product originally came from an acquisition; we do not claim to be the first
in the network-based market, but are very pleased with the 3.5 NetProwler
network-based offering.

I was purposefully vague, as I did not want to get into a feature war.  The
review by Network Computing is outdated, and doesn't talk at all about the
3.5 release of both our network and host IDS products, which introduced
major changes and enhancements.  A more current review is from Secure
Computing Magazine, which gave the "Prowler IDS 3.5" (Intruder Alert &
NetProwler) the top rating - 5 Stars.
        The review notes:

        AXENT's products (Intruder Alert and NetProwler) have made huge
leaps in the past year, and now give RealSecure (our favorite in previous
reviews) a run for its money. All three of these products combine efficient
monitoring engines with a very usable management interface and
easily-configurable security policies. AXENT has made significant
improvement to the ease-of-use in creating custom-attack signatures. The
combination of Intruder Alert and NetProwler provide both host- and
network-based coverage, which is hard to beat - on this basis we are
awarding both products with a Best Buy.

        Here is the link to the review:
http://www.scmagazine.com/scmagazine/2000_06/testc/testc.html

A question for all:

        Why do people often think "IDS == Network-based IDS?"

Chad Harrington
Technical Product Manager - Intruder Alert
Axent Technologies, Inc. 
796 E. Utah Valley Drive, Suite 200
American Fork, UT 84003
Tel: 801-227-3729 
Fax: 801-227-3781
charrington () axent com


-----Original Message-----
From: mht () clark net [SMTP:mht () clark net]
Sent: Tuesday, July 04, 2000 6:04 PM
To:   Marcus J. Ranum
Cc:   ids () uow edu au; mri () netsec ch
Subject:      Re: IDS: RE: Info needed to compare Axent ITA and ISS RealSecure

Well..

If you really want to get historical here.  Digital Equipment produced an
in-house IDS product for themselves prior to 1992..  But since Digital was
not in the IDS market, they dropped it.. Now, if you look back this is the
same company that gave birth to VAXNOTES ( now Lotus Notes) and of course,
let's not forget the DecSeal, which of course, everyone knows the
monstrosities that grew out of that concept.. :)

The IDS market is about 5 years old more or less.  It has been segmented
by the public into various segments depending on the snake/marketing type
folks spurt out on any given day.  

Being first, doesn't really matter, alerting the right folks at the right
time is the name of the game.  If an IDS product cannot validate an
organization's security architecture or security policy, then the product
might as well be a dessert topping or door stop and/or both.

Detection, Actual Readable and understandable Reports, Correlation of
multi-trigger events and time to market is the name of the game.

ISS has been the leader for many years due to sheer lack of competition not
because their product is bigger, badder or meaner.  Axent, NAI are behind
the eight ball due to their swallowing/acquiring of the little folks.

So the race has now begun on who will be #2 and then #1..

Sales, Number of successful installations, and number of years an IDS
system is in place is all being measured.. :)

  




On Tue, 4 Jul 2000, Marcus J. Ranum wrote:

Mark Renfer <mri () netsec ch> writes in response to some
 marketing guy from Axent who claims:
]> Axent has been in the business of IDS longer than any commercial

Well, our product SPECTER has been on the international market for
more than three years now, and it _is_ a commercial product. But I am

    Bill Hancock was selling some kind of VMS-oid IDS
back in the early days of Network-1 (this would be ~1992 or
so) and Steve Smaha's Haystack was selling Stalker around the
same time. I dunno if Bill reads the list or would be willing
to comment on any other commercial offerings that were on the
market back then..

    Saying "We were the first IDS on the market" is a
good way for a lot of vendors (ahem!) to show exactly what
johnny-come-latelies they _really_ are. ;)

mjr.


