
RE: [Full-Disclosure] Affordable Network Behavior Analysis alternatives



> > My question is simple, are there any other commercial 
> > out-of-the-box alternatives to QRadar? Something that isn't 
> > going to cost me >$40,000 to deploy?
> 
> All the ones I have seen so far are megabucks (QRadar and 
> Arbor Networks). I will be checking out Intrusense as soon
> as I can get a demo copy based on everyone else's positive replies.

Lancope and Securify both have appliances that start in the 10k
range. Mazu has a nice offering too, but I'm not sure if they ever
came out with anything affordable for smaller environments (at one
time it was about 120k+ to get in the door if I remember correctly).

Personally I think Stealthwatch is the easiest to configure/tune of
the ones I've seen mentioned above (I've not seen Intrusense's nsight).

Securify has limited protocol validation going for it too, if you don't
already have that in your NIDS. Stealthwatch also has some strong
points like setting ACLs when needed.

Not knowing how many collection points you need or how much
traffic you have (and how easily you can aggregate it), it's hard
to say whether or not you can get by on one 10k appliance.

Good luck, and sorry for the auto-disclaimer that will be attached
to my email as soon as it leaves my mail server,

Arian Evans
Sr. Security Engineer
FishNet Security

KC Office:  816.421.6611
Direct: 816.701.2045
Toll Free:  888.732.9406
Fax:  816.474.0394

http://www.fishnetsecurity.com



The information transmitted in this e-mail is intended only for the addressee 
and may contain confidential and/or privileged material. 
Any interception, review, retransmission, dissemination, or other use of, or 
taking of any action upon this information by persons or entities
other than the intended recipient is prohibited by law and may subject them to 
criminal or civil liability. If you received this communication 
in error, please contact us immediately at 816.421.6611, and delete the 
communication from any computer or network system.

