[Dshield] DShield vs. Symantec

john beck jbeck80 at hotmail.com
Wed Jan 7 17:18:04 GMT 2004

It is not fair to try to compare the two, I am proposing both to my 
superiors.  In regards to reporting and remediation I do this.  At minimum, 
I suggest using Dshield for reporting, statistics and remediation (unless 
you take pleasure in sending fightback letters).  I suggest it to any 
business that has internet connectivity (what else are you going to do with 
the firewall logs?).  If your business "hosts" anything, especially 
e-commerce, it would be wise to use a managed service to monitor and 
remediate in real time (blocking attacking subnets, etc.) and use the Dshield 
(instead of managed service) to relieve the cost of fightback, use collected 
data to double-check the managed service, let the service do the real-time 
issues and alerts (I don't think Johannes is going to call anyone at 3am to 
alert).  FYI, there is going to be a huge surge in managed security services 
(VeriSign just bought some big managed service company).  In one case of 
firewall/IDS/IPS (powerwall) they package the managed service to maintain in 
real-time.  The critical thing is "who" you are letting manage your security 
(Symantec has a stringent hiring process).  Dshield does not do anything to 
your network, it is a reporting tool, where managed services will be "in 
your network devices" changing config or rules as needed in real time.
Another way to look at it, if you can't afford managed services, you can at 
least set up Dshield while you wait for next budget.

If you like my advertising, please send Dshield monogrammed formal wear for 
I am an underappreciated (paid) security guru, now if they would upgrade my 
Etch A Sketch to a laptop I will have it made :)

John (2¢)

>From: Pete Cap <peteoutside at yahoo.com>
>Subject: [Dshield] DShield vs. Symantec
>Date: Wed, 7 Jan 2004 07:52:58 -0800 (PST)
>So, I've got this salesman from Symantec attempting to sell me (or, rather, 
>the organization for which I work) a subscription to their DeepSight Threat 
>Management System.
>For those of you who are not familiar with DeepSight, basically Symantec's 
>analysts take data from about 20k contributors in 180 countries (IDS logs, 
>traffic data, etc.) and perform trend analysis (sound familiar?).  I 
>suppose this question is directed mostly towards Johannes...as far as being 
>a data source...how does dShield stack up against those numbers?
>Also...for anyone familiar with DeepSight, or using their services, how 
>useful have you found them to be?  Worth the money or not?  Do they provide 
>anything which you are unable to do yourself?
