Intrusion Detection Systems mailing list archives

RE: RE: Info needed to compare Axent ITA and ISS RealSecure


From: gshipley () neohapsis com (Greg Shipley)
Date: Wed, 5 Jul 2000 19:23:18 -0500 (CDT)



On Wed, 5 Jul 2000, Chad Harrington wrote:

> Axent's predecessor, Raxco, was formerly Clyde Digital, which came out with
> Audit for VMS (host-based IDS) in the late '70s / early '80s.  The person
> who wrote it, Rob Clyde, is still at Axent.  The Audit product later became
> Intruder Alert.  Axent's Intruder Alert, which holds 75% of the world-wide
> host-based IDS market share (IDC numbers, not ours), has been around since
> the early '90s.  This is all documented in Rebecca Gurley Bace's recent
> book, Intrusion Detection.  I think those who have commented are thinking of
> NETWORK-based IDS, not both types of IDS.  As was noted, the NetProwler
> product originally came from an acquisition; we do not claim to be the first
> in the network-based market, but are very pleased with the 3.5 NetProwler
> network-based offering.

Ok, this helps clear it up - thank you.  I (for one) wasn't aware of
Axent's history, and, well, heck - now we know!

Do you know if IDC has made those numbers public, or where I/we could find
them?

 
> I was purposefully vague, as I did not want to get into a feature war.  The
> review by Network Computing is outdated, and doesn't talk at all about the
> 3.5 release of both our network and host IDS products, which introduced
> major changes and enhancements.  A more current review is from Secure
> Computing Magazine, which gave the "Prowler IDS 3.5 (Intruder Alert &
> NetProwler)" the top rating - 5 Stars.
>       The review notes:
*snip*

Agreed - the NWC review (I wrote it) was done almost 10 months ago.  I
would love to look at v3.5 of the product for the next round of review(s).
A couple of questions:

- While everyone always jumps all over my butt about not asking about
other TCP/session/stream problems NIDS face, this is usually a good acid
test: Does NetProwler v3.5 do frag re-assembly?

- Did Axent finally weave NetProwler and ITA together via something other
than SNMP traps?

I've got a billion others, but those are two I'd love to know (as I'm sure
others would like to know as well).

> A question for all:
>
>       Why do people often think "IDS == Network-based IDS?"

I don't think they necessarily do.  My ignorance can be attributed to a
wide variety of problems *grin*, but in the realm of Axent's history and
VMS products, well, the last time I used VMS was when I was at Indiana
(University) using campus e-mail. :)  Some of us don't go back as far as
others. :)

A novice on many fronts,

-Greg

