Re: [Apachebenchmark-sans-t4] If anyone can help...
From: <mic...@us...> - 2003-11-26 03:22:17
Don't have an install of these, but would recommend you also look at http://www.guidancesoftware.com/ EnCase now has a fairly good incident handling capability that is integrated with the forensics product. Watched a demo at the CSI trade show and it looked pretty good. They were able to grab an image of the system under attack remotely without damaging the integrity of the system and then to go through the file structure, logs, cache, and open processes and cross check so that you could quickly match potential hostile addresses, changes, and evidence. As I understand it, this system requires an agent program be installed on each system that is covered. The agent allows the remote access. Interesting.

Kevin Mahoney at NetForensics could probably be talked into doing a demo for a group -- he's their federal marketier. I've got a cell phone number for him, if you want it. I've got him hooked up for a demo in mid-December and can take notes and give impressions afterwards.

At CSI I got the impression that most of these products were being rushed to market quickly and competitively in a relatively short time. I'd expect to see some major holes and unresolved issues when running any of them. None of the vendors I talked to at CSI that offered incident handling software could tell me whether their software might introduce vulnerabilities to a system or whether it had been rigorously tested for code integrity. But then again, I was talking to marketing people that were trying to figure out what they thought I wanted to hear instead of giving the real scoop.

----- Original Message -----
From: Meg Layton <meg...@sy...>
Date: Tuesday, November 25, 2003 2:54 pm
Subject: [Apachebenchmark-sans-t4] If anyone can help...

> I am looking to do an objective competitive analysis on Incident Manager
> products. Does anyone have an install of ArcSight, NetForensics, or NetIQ
> that would be willing to discuss pros/cons and provide personal experience
> insights?
>
> Thanks in advance
>
> Meg Layton, CISSP
>
> Herndon Office
> Symantec Corporation
> Office: 703-668-8860
> Interoffice: 6 [703] 8860
> www.symantec.com