[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Symantec Manhunt ?
- To: <full-disclosure@lists.netsys.com>
- Subject: Re: [Full-Disclosure] Symantec Manhunt ?
- From: "Clint Bodungen" <clint@secureconsulting.com>
- Date: Tue, 16 Dec 2003 13:59:51 -0600
> Hi FD,
>
> Is there someone who have already use the IDS : Symantec Manhunt 3 ?
>
> In fact, I need information about it to know if it could replace a
> snort 2.0...
>
> Thanks a lot for any information about ManHunt.
>
> Frederic Charpentier.
Other than ManHunt being a commercial product (and Enterprise for that
matter which means $$$$$), the
biggest difference is its "anomaly-based detection". Snort uses signature
based detection which must be pre-defined whereas, in addition to signature
detection, ManHunt claims to also have the ability to detect a possible
attack (known as well as 0 day) based on packet anomalies and patterns. It
does work up to a point but you must invest the hours required to "fine
tune" it in order to eliminate false positives (as with many IDS though).
Symantec is decent about getting new signatures updates out and you do have
the ability to create your own.
If you are looking for an enterprise IDS solution to replace Snort, and can
afford it... my vote would be a toss up between ISS Proventia and Symantec's
ManHunt. (Keep in mind that Proventia is an appliance which includes more
than just NIDS)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html