Saturday, June 19, 2004

Network Monitoring Products Reviewed by NWC

A few years ago while consulting for Foundstone I was asked to name a product which would inspect traffic exiting the enterprise. The goal was to identify unauthorized transmission of sensitive documents or data. Aside from a customized signature-based approach, I could not think of any off-the-shelf product with this capability. After reading Monitoring Data Departures by Lori MacVittie in the 27 May 04 issue of NWC, I learned of Vontu's Vontu Protect 3. Some of its claims are amusing, like "No false positives — every incident reported is a genuine policy violation." This is also true for signature-based intrusion detection systems, if one accepts (as I do) that an IDS which alerts based on a rule is merely doing what it was told to do. It's up to a decision maker to guide the policy that an administrator implements, and it's an analyst's responsibility to judge the likelihood that a given event represents a security incident. If Vontu would like me to take a look at their product, feel free to contact me at blog at taosecurity dot com.

Two weeks earlier, NWC's Well-Connected Awards were published, complete with the most disgusting cover I've ever seen on a technical magazine. That earned the print edition a place in my circular bin, but the security awards were interesting. The "Network Behavior Anomaly Detection" award went to Q1 Labs, whose QVision tool seems to have been renamed QRadar. NWC liked this network behavior visualization product better than similar offerings from Arbor Networks and Lancope. Anyone interested in having me do a technical review of your product, please email blog at taosecurity dot com.
