> Does the Guard product use signature updates like RS sensor or is it
> completely based on anomaly analysis?

Guard is based off the BlackICE engine and as such is a hybrid of signatures and anomaly analysis. As it stands, Guard is more like BlackICE than the old RealSecure product. Guard units currently plug into ICEcap, but the next SiteProtector will be able to manage them as well (at least that's what I have been told).

> Can it block traffic by itself or do you have to configure a FW to
> block the traffic?

Guard has an integrated firewall. It can block IP addresses, ports, or ICMP traffic bi-directionally. Guard's firewall is not really meant to replace a real firewall because the rules are fairly simplistic. However, using Guard you can create a "high security zone" that can only pass traffic to a specific address, range, subnet, or over a specific port.

If you are interested in Guard systems, Anitian Corporation has more experience than any other reseller in the nation on Guard. I was one of the first people to deploy Guard and I have been very active with the ISS engineering team in developing the Guard product. I have Guard units that have been running continuously for over 2 years protecting critical mainframes and high-security subnets at financial institutions and US government sites. Anitian also sells hardened Guard appliances that are essentially plug-and-play ready.

If you have any questions about Guard, feel free to contact me. I can give you a lot of real-world pointers on how to make Guard work optimally.

___________________________________
Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation
ISS Premier Reseller

503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
