Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Intrushield User Experiences Warts 'n' All

from [Andy Cuff] Network Security [Permanent Link]
Subject: Intrushield User Experiences Warts 'n' All
Date: Mon, 25 Apr 2005 19:43:04 +0100 
Hi List Members
I was wondering if anyone could enlighten me with their experiences with
Intrushield IPS, especially in a large environment. I'm especially
interested in (marketeers need not reply):

How easy is it to tune?

What are the false positive rates like?

Can you write custom signatures?

How easy is it to update, both signatures and appliance patches?

How frequently do you receive signature updates?

Does it provide sufficient information for an analyst to resolve an event?

Does it do packet capture:

        a. per event?

        b. rolling?

        c. how easy is it to recover said packets?

What is the support like?

Value Added?

Good points?

Bad Points?

Those more important points that I can't remember right now?

I realise I can get much of the above from the website, but I would like to
hear it from the horses mouth, from practitioners in the field.



   Regards
Andy Cuff
Chief Technology Officer
Computer Network Defence Ltd
http://SecurityWizardry.com
Phone (+44) (0) 7968 608945




--------------------------------------------------------------------------
Stop hurting your network!
 
The NeVO passive vulnerability sensor continuously finds vulnerabilities, 
applications and new hosts without the need for network scanning. 
It also finds compromised systems with application-based intrusion detection. 
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: GFI SELM Question, Brian Browne
Next by Date:  Re: GFI SELM Question, jkowall
Previous by Thread:  GFI SELM Question, Graxius
Next by Thread:  RE: Intrushield User Experiences Warts 'n' All, Ed Gibbs
Indexes:  [Date] [Thread] [Top] [All Lists]