Message-ID: <25249998.1075863402990.JavaMail.evans@thyme>
Date: Thu, 18 Oct 2001 15:00:52 -0700 (PDT)
From: productreview@bdcimail.com
To: vkamins@enron.com
Subject: Intrusion detection management
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-From: NW Product Review of the Week @ENRON
X-To: vkamins@enron.com
X-cc:
X-bcc:
X-Folder: \VKAMINS (Non-Privileged)\Kaminski, Vince J\Deleted Items
X-Origin: Kaminski-V
X-FileName: VKAMINS (Non-Privileged).pst

NETWORK WORLD NEWSLETTER: NEAL WEINBERG on PRODUCT REVIEWS
10/18/01 - Today's focus: Intrusion detection management

Dear Wincenty Kaminski,

In this issue:

* Intrusion detection systems from Cisco, ISS offer the best management features
* Links related to Network World product reviews
* Featured reader resource

____________________________________________________________

Today's focus: Intrusion detection management

By Neal Weinberg

In our last report, we detailed the performance of five network-based intrusion detection systems - products from Cisco, Computer Associates, Enterasys Networks, Intrusion.com and Internet Security Systems. This time, we'll look at how these products tested for management and other features.

Managing a large network of sensors is typically achieved through a three-tiered architecture: a central management console, sensors and an event collector that off-loads processing from the management console but reports back to it. Under this arrangement, one event collector manages up to 50 sensors, for example, but each management console supports multiple event collectors. All the vendors except CA have embraced this model. CA doesn't use the event collector, just the sensor and management console.

Cisco and Internet Security Systems (ISS) tied for top honors in this category. Cisco's Secure Policy Manager, which runs on Windows NT/98/2000, supports the best event management along with a highly intuitive, logically designed interface that was a breeze to use. Items were color-coded and easily sorted, and we could configure which fields we wanted displayed, easily viewing more (or less) detail as we specified.

The ISS RealSecure Manager, which resides on Windows 2000/NT or Solaris platforms, is on par with Cisco's Secure Policy Manager, supporting excellent event management, good reporting and the best integration of applications.

CA, Enterasys and Intrusion.com were a step below, but were still good in this category. CA's eTrust Intrusion Detection Management, which runs on Windows 98/NT/2000 and Millennium Edition platforms, delivered the best statistics reporting of all five products tested. Its reports were comprehensive and complete.
But eTrust was limited by the fact that it used several different applications that should have been integrated. While Enterasys' Web-browser based Dragon Policy Manager had good reports and statistics, its event management wasn't as robust as the other products.

Intrusion.com's RealSecure appliance was the easiest to install. Within 15 minutes, we were up and running with minimal tweaks. The Cisco Secure IDS, an appliance, also was easy to install, but because the product supports so many advanced settings and configurations, it was easy to get lost trying to find things.

Finally, all of the products supported a full complement of IDS features. Cisco Secure IDS supported the largest database of known attack signatures, while Intrusion.com's database was the smallest. Enterasys supported the most granular attack database, providing more details about attacks than the other products.

For the full report, go to http://www.nwfusion.com/reviews/2001/1008rev.html

_______________________________________________________________

To contact Neal Weinberg:

Neal Weinberg is features editor at Network World, in charge of product reviews, Buyer's Guides, technology primers, how-tos, issue-oriented feature stories and the Technology Insider series. You can reach him at mailto:nweinber@nww.com.

_______________________________________________________________

RELATED LINKS

IDS tools get more selective
InfoWorld, 06/12/01
http://www.nwfusion.com/news/2001/0612idstools.html

Intrusion battleground evolves
Network World, 10/08/01
http://www.nwfusion.com/reviews/2001/1008bg.html

The archive for Reviews is:
http://www.nwfusion.com/reviews/index.html

_______________________________________________________________

FEATURED READER RESOURCE

Audio Primers

Are you behind on the basics of technologies such as ATM, IP Multicast and VPNs? Check out our library of audio primers - quick explanations of networking topics and technologies, including IPv6, SANs and DSL vs. cable. These less-than-10-minute primers will not only explain how these technologies work, but they'll also show you through slides and diagrams.
http://www.nwfusion.com/primers/index.html

_______________________________________________________________

Copyright Network World, Inc., 2001