TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to [EMAIL PROTECTED]
Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
-----Original Message-----
From: Haradon, Dorita (ISSAtlanta)
Sent: Friday, July 19, 2002 5:48 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: ISS XForce
Subject: RE: comparison Dragon - Real Secure

Hi Manuel,

Here's the competitive information you requested:

DRAGON SENSOR WEAKNESSES

1. Extensive Unix experience required - this product is NOT for the mainstream user.
2. Difficult to install, configure, and manage.
3. No Windows sensor or management solution - this is a huge disadvantage for them.
4. Pattern matching and stateful inspection signatures mostly - very few protocol analysis signatures. This means that a new signature must be written for every attack, unlike RealSecure's protocol analysis which can detect most attacks without requiring an update. This is a major advantage of doing protocol analysis vs. pure pattern-matching. Dragon requires that a huge store of signatures be used because each signature is specific to only one method of attack, not variants of the same attack like RealSecure. This is why they need so many signatures and require such frequent updates.
5. No high level logic on ANY signatures. There is a single ASCII signature file that users can edit to create their own signatures. All sigs we've seen seem to be simple pattern or string-based matching - no complicated algorithms or decryption like many of the RealSecure sigs.
6. Very easy to "break" a signature while trying to fine-tune it.
7. Limited response options compared to RealSecure - Dragon only supports Email/Paging, SNMP traps, Syslog, and User-defined scripts.
8. No third party integration like we have with Check Point where a triggered event can invoke rule creation on the firewall.
9. Based on TCPDump-like model - they capture data then parse it to trigger events; not quite real-time.
10. Weak integrated host- and network-based IDS solution.

WHY REALSECURE 7.0 SLAYS DRAGON SENSOR 6.0:

Accuracy Performance Integration Security Content Service and Support

RealSecure employs a combination of state-of-the-art IDS techniques, resulting in the most accurate and best performing IDS on the market today.

- 7-layer protocol analysis and anomaly detection
- attack pattern matching
- stateful packet inspection
- real-time attack verification (server responses)
- vulnerability correlation via the Security Fusion module
- standard user-defined signatures and Snort imports with a validation tool to ensure the signature is constructed properly
- statistical anomaly detection via SiteProtector and FastAnalysis
- behavior-based/application-based detection via RealSecure Desktop Protector

Our protocol analysis detects actual attacks, thus virtually eliminating false positives, false negatives, and mis-identified attacks. RealSecure analyzes nearly 100 protocols, detecting over 1500 known attacks and countless unknown attacks - REAL attacks, not just non-standard packets like most other IDSs that employ an elementary form of protocol analysis. RealSecure is irrefutably the most accurate IDS on the market. Dragon just can't compete with ISS' accuracy.

RealSecure recently won the "NSS Approved" award from the prestigious, independent testing firm, The NSS Group, based in the UK. Check out www.nss.co.uk to download a copy of the complete evaluation of the RealSecure 7.0 Protection System.

Let me know if you need anything else.

-Dorita

*******************************************
Dorita Haradon ([EMAIL PROTECTED])
Technical Marketing Manager
Internet Security Systems (NASDAQ: ISSX)
6303 Barfield Road, Building B, 4th Floor
Atlanta, Georgia 30328
Office: 404-236-2856
Mobile: 770-598-2502
http://www.iss.net - The Power to Protect
ISS Press Releases: http://bvlive01.iss.net/issEn/delivery/prlist.jsp
********************************************

-----Original Message-----
From: [EMAIL PROTECTED]
Sent: Thursday, July 18, 2002 8:29 PM
To: [EMAIL PROTECTED]
Cc: ISS XForce
Subject: comparison Dragon - Real Secure
Importance: High

Hi,

Does anybody know some free research information on the web about a comparison between (among) the IDS Dragon and Real Secure network? I need this urgent information.

Best Regards
_________________________________
Víctor Manuel Gaete
Business Manager
ORION - Servicios Profesionales en Seguridad de la Información
www.orion.cl
Phone: 56-2-640.39.00
Santiago-Chile
