Steven Williams wrote:
> Guys,
>
> Have a look at Extreme Networks Sentriant. More designed for internal
> protection than perimeter, this offers true Day Zero mitigation instead
> of relying on signatures or patterns, and also looks at layer 2 traffic
> as well.

Sounds like a vendor pitch to me... setting aside the fact that it's unusually difficult to find any technical information on that website, let's also ignore the fact that an intrusion prevention system is usually placed on an enforcement point, and therefore rarely useful for internal protection...

What would "true zero day mitigation" mean, exactly? From what I read, it looks like a rather naive application of dynamic quarantine combined with non-allocated space virtual honeypots. Something you can easily do with Linux, honeyd, arpd, and a couple of scripts.

Am I missing something?

Stefano

BTW: "Hyper Detection" sounds a bit like Star Trek. My kudos to the marketing department...
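
The technique named in the reply above (quarantining hosts that touch non-allocated address space) can be sketched as a small detection script. This is an added example, not code from the post and not any product's algorithm; the subnet, allocation list, threshold, window and function name are assumptions, and the events are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed environment: a documentation-range subnet and its in-use addresses.
SUBNET = ipaddress.ip_network("192.0.2.0/24")
ALLOCATED = {ipaddress.ip_address(a)
             for a in ("192.0.2.1", "192.0.2.10", "192.0.2.11", "192.0.2.20")}
THRESHOLD = 3   # assumed: distinct dark addresses that trigger quarantine
WINDOW = 60     # assumed: sliding window in seconds

# Constructed events (timestamp, source, destination), e.g. ARP who-has
# requests or first packets observed on the segment.
EVENTS = [
    (0, "192.0.2.10", "192.0.2.11"),    # normal traffic to a live host
    (5, "192.0.2.10", "192.0.2.50"),    # single stray hit (typo, stale config)
    (10, "192.0.2.20", "192.0.2.100"),  # fast sweep of unused space
    (11, "192.0.2.20", "192.0.2.101"),
    (12, "192.0.2.20", "192.0.2.102"),
    (13, "192.0.2.20", "192.0.2.103"),
    (0, "192.0.2.11", "192.0.2.200"),   # slow sweep: one probe per 100 s
    (100, "192.0.2.11", "192.0.2.201"),
    (200, "192.0.2.11", "192.0.2.202"),
]

def quarantine_candidates(events, subnet=SUBNET, allocated=ALLOCATED,
                          threshold=THRESHOLD, window=WINDOW):
    """Return {source: time flagged} for hosts probing unallocated addresses."""
    reserved = {subnet.network_address, subnet.broadcast_address}
    recent = defaultdict(list)   # source -> [(ts, dark destination), ...]
    flagged = {}
    for ts, src, dst in sorted(events):
        dst_ip = ipaddress.ip_address(dst)
        # Only destinations inside the subnet that nobody owns count as dark.
        if dst_ip not in subnet or dst_ip in allocated or dst_ip in reserved:
            continue
        recent[src].append((ts, dst_ip))
        # Drop hits that have aged out of the sliding window.
        recent[src] = [(t, d) for t, d in recent[src] if ts - t <= window]
        distinct = {d for _, d in recent[src]}
        if src not in flagged and len(distinct) >= threshold:
            flagged[src] = ts
    return flagged

if __name__ == "__main__":
    for host, when in quarantine_candidates(EVENTS).items():
        print(f"quarantine {host} (flagged at t={when}s)")
```

With these constructed events only the fast sweep is flagged; the slow sweep from 192.0.2.11 stays under the window, which is the kind of limitation a fixed threshold on dark-space hits carries.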
