Network Security Pen-Test

RE: IPS comparison

Subject: RE: IPS comparison
Date: Tue, 26 Jul 2005 04:51:46 -0500
Yes, there are many more products that make sense of the log data.  See the
free SANS Analyst report on Log Management by Stephen Northcutt at
http://www.sans.org/vendor/20050426_analyst_report.pdf

Also, IDS focus list has been covering this topic in great detail lately.

These products are a new breed of Security Event Management products with
the benefit of Log Management functions for compliance requirements.  A
particularly stellar product to look at that is mentioned on the SANS list
by Northcutt is LogRhythm starting at about $14k.  ROI4Security
www.ROI4Security.com is the leading integrator of LogRhythm; you'd want to
contact them directly to learn more.  Very impressive background of the
principal partners at ROI including contracted ISO at JPMorgan, CNA
Insurance, and 14 years of contracting at NSA, and former co-founder of NSC
nscsecure.com.  Very solid background, and great to work with.

regards,

-MD
Certification Training CertTest.com


-----Original Message-----
From: Leif Sawyer [mailto:lsawyer@gci.com] 
Sent: Monday, July 25, 2005 3:34 PM
To: pen-test@securityfocus.com
Subject: RE: IPS comparison

bw [bjshhsjb \@ yahoo.com]  wrote:
I have been tasked with comparing IPS appliances. I am 
seriously looking at Top Layer's product line and 
TippingPoint. Does anyone have a spreadsheet or know of any tool 
they would be willing to share for comparing products? I'm new 
to this, so any help would be appreciated.

I almost wonder if it's of more importance to review the IDS
collection/analysis engines?

With so much data available, who has time to look at it all,
without some method of distilling it all down to useful data?

Protego (now Cisco MARS), Checkpoint Eventia, ...

are there any others?  There must be.  But with this being such
a "new" model, I haven't seen a lot of information comparing
these types of products yet.
