Symantec was somewhat late to the IDS/IPS game. But their purchase of Recourse last year was an inspired decision. Recourse is (was) one of the better IDSs on the market.

Where Symantec has really had problems is integrating everything together. While they have a very good IDS and IPS, they don't integrate well or at all with scanners or host-based IPS/IDS. Cisco and Entercept/Intruvert suffer from this same problem. In this aspect, ISS is way out in front of Symantec and Cisco with RealSecure and SiteProtector. They've had an integrated console with scanners, host, and network products for 2+ years now.

I think this is where Cisco and Symantec are trying to play catch-up. They need to integrate their entire security offering. Symantec is close with their SESA reporting architecture. Cisco seems a ways behind still.

Common Criteria cert is cool, but not necessarily indicative of greatness. The NSS Group, an independent testing group from the UK, certifies IDSs and IPSs. Their tests are much more rigorous and exhaustive. They just did an IPS report, although it does not look like they rated Symantec. They rated ISS Proventia G, Netscreen IDP, NAI's IntruShield, Top Layer Attack Mitigator, and Tipping Point's Unity One. All seemed to fare well. Here's a link to the test:

http://www.nss.co.uk/ips/edition1/index.htm

It's interesting to note that they acknowledged the debate going on right now about IPS and its definition. It's encouraging to note that NSS is defining IPS much in the same way I have defined IPS for years now. Although the current crop of IPSs are many times more powerful than the hand-built BlackICE Guard units I helped design and build, it's inspiring to see the technology move out of weirdness and into the mainstream.

___________________________________
Andrew Plato, CISSP
President/Principal Consultant
Anitian Enterprise Security
503-644-5656 Office
503-214-8069 Fax
503-201-0821 Mobile
www.anitian.com
___________________________________

________________________________

From: owner-crime@private on behalf of Sasha Romanosky
Sent: Wed 1/28/2004 4:52 PM
To: crime@private
Subject: CRIME Symantec scores a coup for its intrusion prevention tool

I thought this article was interesting. Not necessarily because of the new assurance level, but in reflecting on what Symantec is doing. Recall a year and a half ago (or so) they bought up a bunch of companies, broadening their scope of infosec products and services: an IDS company in the Bay Area (as mentioned below), SecurityFocus, a managed security firm (on the East Coast, I believe). I'm not sure if this is a sign of them spreading themselves too thin, or really succeeding at positioning themselves as a one-stop shop for enterprise security.

I wonder what else they're up to.

Cheers,
Sasha

From ISTS:

Title: Symantec scores a coup for its intrusion prevention tool
Source: Government Computer News
Date Written: January 26, 2004
Date Collected: January 27, 2004

Symantec has attained Assurance Level 3 under the Common Criteria for its ManHunt intrusion prevention system (IPS), the first IPS to achieve Level 3. ManHunt can monitor network traffic at speeds up to 2 gigabits per second, across interfaces up to 6 gigabits per second. The Common Criteria are recognized by nineteen nations, overseen in the United States by the National Institute of Standards and Technology and the National Security Agency, and required for national security systems.

http://www.gcn.com/vol1_no1/daily-updates/24761-1.html

This archive was generated by hypermail 2b30 : Wed Jan 28 2004 - 20:39:18 PST