I got started on a review of the commercial space back in September -- clearly I'm not finished, but let's get this on the commercial tools bit of the web site and go from there...

tbird

"Our duty, as living things, is to be sure that pain is not our whole story, for we can choose to be otherwise....we can choose to dance." -- from "Six Moon Dance," by Sheri Tepper

http://www.shmoo.com/~tbird
Log Analysis http://www.loganalysis.org
VPN http://vpn.shmoo.com

---------- Forwarded message ----------
Date: Wed, 11 Sep 2002 01:00:06 +0000 (GMT)
From: Tina Bird <tbird@precision-guesswork.com>
To: Tina Bird <tbird@precision-guesswork.com>, Rodney Thayer <rodneyat_private>, Fearghas McKay <fm@st-kilda.org>
Subject: the log management/monitoring space

List compiled by Toby Kohlenberg, a buddy of mine at Intel, with editorial comments by yours truly... However I'm bored now and will work on this some more tomorrow. I think Toby's missed a couple, but there's a limit to how much marketing bumph I can handle in one day, especially when I'm already brain dead.

t.

---------- Forwarded message ----------
Date: Thu, 29 Aug 2002 10:18:11 -0700
From: "Kohlenberg, Toby" <toby.kohlenbergat_private>

http://www.appliedwatch.com/
A GUI interface for managing and monitoring Snort.

http://www.addamark.com/solutions/index.html
Clustered Linux database system optimized for time-indexed, non-transactional data. Kick ass high performance management and archiving solution, but needs vertical apps for specific focus areas like security. This is the company whose CTO I dated a couple of times, for whom I'm writing a white paper. They're entertaining the thought of hiring me to develop that security vertical but I don't think they can afford me, and I don't think I want to be tied down to a single technology.

http://www.vericept.com/products/view_security.shtml
Appliance that claims to measure compliance with an individually-tailored corporate appropriate use policy. Damned if I can tell from the nearly content-free Web site how it actually >>works<<. The only intervention it claims to require from the corporate IT staff is IP address assignment, so it can't be using syslog or SNMP...

http://www.secos.com/products/secospider/details.asp
Combines policy management, resource utilization, log monitoring and real-time alert categories into one worn-out little system... based on agent/server technology. Web site lacks important information like which platforms are supported. (what, me, getting snarky???)

http://www.ringnecktech.net/
"Ringneck Technologies is a new software company dedicated to optimizing network security tools to enhance their effectiveness in fighting malicious." Clearly writing code is easier than writing English. Web site last updated June 2001. Events are normalized to the widely-adopted Common Intrusion Specification Language: "RSC developers are following this activity and will implement the RFP." (you must be this tall to ride this ride)

http://www.netiq.com/products/sm/default.asp
Integrates log management for FW-1, Cisco PIX and IOS, ISS RealSecure, anti-virus systems with a set of event signatures. Near as I can tell, no application or OS support. Still, my favorite of the options to this point. NetIQ sold part of this package to Microsoft, who then repackaged it in the Win2k Resource Kit as the Microsoft Operations Manager 2000 application. I knew I remembered them from somewhere. Note that Microsoft is not continuing development on this application for .NET.

http://demarc.com/
Home of the best-paid product marketing group, the owners of PureSecure branding ;-) Once you get through the glossy advertising, it's Snort, with the ability to verify service availability and some Tripwire-like functionality. Since it's doing integrity checking, it must have agent software, but the Web site doesn't go into that much detail.

http://www.guarded.net/
Definitely get points for having the most useful technical information on their Web site. Monitoring system accepts data via syslog and SNMP. Says it supports CheckPoint and ISS logs "natively" (assuming they mean FW-1, this might mean they have written an OPSEC-compliant LEA interface, it's not clear; ISS RealSecure uses SNMP or SMTP). Windows systems require agent software. Modules normalize event data to a common format and then forward it (all of it, near as I can tell) to the central management console. Console performs correlation, analysis and long-term storage. No performance numbers. Pretty impressive list of supported devices (http://www.guarded.net/prod/supp.html) tho' no info on what sort of signatures they provide (it's been known to happen that I've disagreed with a vendor's assessment of significant events). I'm not sure that I'd call nmap a security audit tool.

http://www.aprisma.com/products/security.shtml
Claim to support every device under the sun (see http://www.aprisma.com/products/SSM/Support_Devices_Summary.pdf for details), but since they include a load balancing/fail-over system (StoneBeat) in the firewall list and NFR's Secure Log Repository as a network-based IDS, I'm not sure they've got any idea of what they're doing. Web site is >>extremely<< buzzword compliant. Looks like it wants to be OpenView when it grows up -- SNMP-based management and monitoring.

http://www.arcsight.com/
http://www.advisortechnologies.com/Products.htm
http://www.gd-decisionsystems.com/intrusionvision/
http://www.esecurityinc.com/
http://www.sidrlabs.com/
http://www.igloosec.com/product/product.htm
http://www.freshwater.com/SiteScope.htm
http://www.open.com/htm/products.htm
http://www.micromuse.com/
http://www.opensystems.com/index.asp
http://www.intrusion.com/Products/enterprise.shtml
http://www.securesoftsystems.com/
http://www.netforensics.com/
http://www.tm.agilent.com/tmo/datasheets/English/HPJ4642A.html
http://www.itactics.com/
http://www.cyberwolftech.com/ (note- MountainWave has been bought by Symantec)

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Dec 12 2002 - 22:45:34 PST