RE: CRIME What security topics interest you?

From: Andrew Plato (aplato@private)
Date: Sun Mar 02 2003 - 11:38:01 PST


    That's funny, a few people mentioned Entercept to me. Funny, because
    Anitian was one of the first companies to sell Entercept, but we stopped
    selling Entercept about six months ago. 
    
    I have mixed feelings about Entercept. Entercept's behavior monitoring
    is unique in many ways. I found the technology theoretically compelling,
    but cumbersome and problematic in real-world situations. 
    
    Entercept is quite the memory muncher. It caused some serious
    performance issues on customers' systems. 
    
    Entercept also does no network monitoring whatsoever. An attack has to
    enter the system and actually carry out malicious activity on the system
    before Entercept will even notice it. Another customer of mine put
    an Entercept demo on a server and carried out some casual white hat
    hacking. They were able to do A LOT on those systems before Entercept
    reported anything. 
    
    Cisco used to have a relationship with Entercept but recently purchased
    Okena. It seems that even Cisco is losing faith in Entercept as well. 
    
    Personally, I find Okena and RealSecure to be more compelling products.
    Okena is easy to use and very capable. RealSecure is the lightweight,
    bang-for-the-buck leader. $325 per copy for RealSecure Server protector
    (for Windoze) is hard to beat. And ISS has free central management.
    Okena and Entercept charge you for the central manager. You can also use
    Snort signatures with RealSecure. A feature that I use frequently to
    build custom signatures. :-) 
    
    Just my thoughts - opinions, of course.
    
    _____________________________________
    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation
    
    Enterprise Security &
    Infrastructure Solutions
    
    (503) 644-5656 office
    (503) 201-0821 cell
    http://www.anitian.com
    _____________________________________
    
    
    > -----Original Message-----
    > From: William L. Murphy [mailto:william.murphy@private] 
    > Sent: Sunday, March 02, 2003 9:56 AM
    > To: Andrew Plato
    > Subject: RE: CRIME What security topics interest you? 
    > 
    > 
    > You said:
    > 
    > >If you have a unique perspective on these technologies, I'd love to
    > >hear it. A couple of our suppliers (namely Top Layer Networks and
    > >possibly Sourcefire) are going to offer up their take on this evolving
    > >technology.
    > 
    > You might want to include Entercept (host based intrusion
    > prevention) as well. I think it's a pretty good product. I have some
    > contacts at Entercept if you need to get someone from there to
    > present. Also, I think there are some companies in the area that are
    > certified trainers that would probably love to come talk about it ;o)
    > 
    > William 'Skeeter' Murphy, CISSP
    > 
    > 
    



    This archive was generated by hypermail 2b30 : Sun Mar 02 2003 - 12:31:35 PST