Chris,

Thanks a lot for such a comprehensive reply, it's good to see that ISS are using the technology inherited from NetworkICE to such good effect.

> The RealSecure network sensor is rapidly being integrated. We are using the
> BlackICE NIDS component as the chassis for doing packet analysis, and
> integrated in RealSecure 7 the protocol analysis and signature-based
> technologies into an optimized model where we take the best of BlackIce
> algorithms and RealSecure algorithms and turn into a single Protocol
> Analysis Module (PAM). PAM will be plugged into all our IDS agents.

With the full integration of BlackICE into RealSecure 7, is there going to be an additional charge for existing BlackICE customers to migrate/upgrade to it, where they purchased a perpetual license with associated support? When are we likely to see RealSecure 7 on the streets?

> One category, Desktop IDS.
> We break the NNIDS into two groups: server IDS and desktop IDS.
> For server IDS, we already have RealSecure Server Sensor.
> For desktop IDS, we now have BlackIce agent. I believe ISS has the only
> desktop IDS out there.

I believe Tiny have just sold 500,000 copies of such a beast to the USAF. Admittedly it is, as you say, primarily a personal firewall, but it does report in to a central console where allegedly some intrusion analysis is carried out (I think it uses the Snort ruleset).
http://www.securitae.com/ids.php

Sygate are also doing some interesting things at this level. I think they have just released a new product that looks pretty cool (I haven't used it).
http://www.sygate.com/products/sms_ov.htm

> Another category, Inline IDS.
> Network ICE launched Guard last year in December. It was the first inline
> IDS that I am aware of that was publicly available. Guard is still the only
> commercially available inline IDS that I know of. This puts IDS inline like
> a firewall with the ability to stop attacks

I like Guard and feel that there is much worth in a product of this nature providing defence in depth "within" a network, especially with the heterogeneous mishmash of systems which would require so many holes in a firewall. Though I should point out that I'm still very much in favour of at least one firewall at the network boundaries.

But I still see Guard as a Network IDS with automated response turned on. What are the advantages of the Guard method over, say, the SecureNetPro method of resetting packets on the fly? There are pros and cons of either method, i.e. fail safe, stealth, inline etc.

> One additional IDS category not on your web site, but is not a product:
> remote monitoring IDS service.

I know, and I'm still avoiding it. There are too many cowboys out there trying to offer the service at exorbitant rates for a lacklustre service. That's not to say there aren't some good ones too, but as I wish to keep the site impartial, I wouldn't be able to do the "good guys" justice. It was hard enough to justify the ethics of the hacking courses page.
http://www.networkintrusion.co.uk/hacking.htm

Take care
-andy
http://www.networkintrusion.co.uk
