There are scores of risk analysis tools in the marketplace. It greatly depends on the type of analysis you want to perform, and the level you want to go.
If you are looking for simple network penetration tools, you can get those off the Internet. But it's generally the "buyer-beware" rule. From my experience as a former product manager for some of the leading technologies in network and host assessment and IDS, I'd actually recommend technologies we competed against--some of which have gone from the freeware to legitimate corporate-driven technologies. Tools from SAINT and SourceFire (Marty Rousch's new company) would be essential in your search, and if you're interested in good network mapping and scanning, take a good look at the NESSUS stuff, and NMap. I also heard rumor that Dan Farmer was planning to commercialize his COPS application. Anything Farmer did would be top-notch quality. Also beware of the cutesy graphic-generation tools that show the pretty pictures of your network. They might look good on the screen or as a background in a NOC, but they do little to actually mend fences and notify of events actually dangerous to your infrastructure. Most of the stuff regarding "event analysis" is tied to auditing. So be sure to look at good audit tools as part of your risk management plans. NetForensics has some interesting technology, but more importanly, some good developers. Some of my friends at NetIQ say they've got some good stuff as well--so I'd suggest you look over the NetIQ/PentSafe tools. But on a more "businessy" note, it's one thing to run an application to identify risks--remember that you need to use some form of risk management methodology to actually address the stuff you find. That's where the real "Intrusion Prevention" becomes more than a marketing buzz phrase. But most importantly, don't trust the new guys on the block. Just because they think they created something in a university lab, or got funding from some private venture partner who didn't know anything about the current trends in IT Sec technology, doesn't mean they're making a better mouse trap. Stick with the veterans who pioneered this stuff. It's always best to follow the people, as the technology can often be over- or (in most cases), UNDER-developed. Good luck. Drew Williams > -----Original Message----- > From: Marsman-Polhuys, Henk (fin) > [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 27, 2003 2:01 AM > To: [EMAIL PROTECTED] > Subject: Risk analysis tools? > > > Hi, > > don't know if this is the right list to post this, > but I'm just gonna > try. > > I'm looking for some risk analysis tools or methods > that can be used in > the infosecurity process. Anyone got any > recommendations or ideas? > > Rgdz, Henk > > -----Oorspronkelijk bericht----- > Van: Michael Parker [mailto:[EMAIL PROTECTED]] > Verzonden: woensdag 22 januari 2003 20:01 > Aan: David Andersson; > [EMAIL PROTECTED] > Onderwerp: RE: Computer Forensics > > > Try this... > > http://computerforensics.net/ > > Regards, > > Sincerely, > > Michael, MCP, GSEC, BCCSA > BlackBerry Technical Support > Research in Motion, Ltd. > Tel: 1-877-BLK-BERRY > Email: [EMAIL PROTECTED] > Web: www.BlackBerry.net > > Important Notice: As of February 1, 2003, BlackBerry > customers who have > purchased through RIM will need to purchase a > technical support package > to continue receiving BlackBerry Technical Support > direct from RIM. To > learn more about this change in policy and to find > out about the > available BlackBerry technical support options, > visit > www.blackberry.com/go/supportoptions > > For on-line technical assistance, please refer to > our website at the > links > below: > Technical FAQ: > http://www.BlackBerry.net/knowledgecenter/livelink.exe > Paging FAQ: > http://www.BlackBerry.net/support/paging/index.shtml > > > > -----Original Message----- > From: David Andersson > [mailto:[EMAIL PROTECTED]] > Sent: January 19, 2003 11:13 AM > To: [EMAIL PROTECTED]; > [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: Computer Forensics > > > Greetings, > > We're experiencing an upsurge in computer forensics > queries. > > Can anyone suggest any links to relevant > information, certifications, > etc.? > > Dave Andersson > MCT, CIW Security Analyst, CCNA > > ----------------------------------------------------------------------- > > This message is the property of Time Inc. or its > affiliates. It may be > legally privileged and/or confidential and is > intended only for the use > of the addressee(s). No addressee should forward, > print, copy, or > otherwise reproduce this message in any manner that > would allow it to be > viewed by any individual not originally listed as a > recipient. If the > reader of this message is not the intended > recipient, you are hereby > notified that any unauthorized disclosure, > dissemination, distribution, > copying or the taking of any action in reliance on > the information > herein is strictly prohibited. If you have received > this communication > in error, please immediately notify the sender and > delete this message. > Thank you. > __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
