[Dshield] DShield vs. Symantec

Dave Hatz davehatz at hatzventures.org
Wed Jan 7 20:03:08 GMT 2004


John,
You mentioned "use a managed service to monitor and remediate in real time
(blocking attacking subnets, etc)".  Could you please provide the names of
these companies that provide such a service and that you would recommend?

Dave

----- Original Message ----- 
From: "john beck" <jbeck80 at hotmail.com>
To: <list at dshield.org>
Sent: Wednesday, January 07, 2004 9:18 AM
Subject: RE: [Dshield] DShield vs. Symantec


> It is not fair to try to compare the two, I am proposing both to my
> superiors.  In regards to reporting and remediation I do this.  At
minimum,
> I suggest using Dshield for reporting, statistics and remediation (unless
> you take pleasure in sending fightback letters).  I suggest it to any
> business that has internet connectivity (what else are you going to do
with
> the firewall logs?).  If your business "host" anything, especially
> e-commerce, it would be wise to use a managed service to monitor and
> remediate in real time (blocking attacking subnets, etc) and use the
dshield
> (instead of managed service) to relieve the cost of fightback, use
collected
> data to double-check the managed service, let the service do the real-time
> issues and alerts (I don't think Johannes is going to call anyone at 3am
to
> alert).  FYI, there is going to be a huge surge in managed security
services
> (verisign just bought some big manage service company) In one case of
> firewall/IDS/IPS (powerwall) they package the managed service to maintain
in
> real-time.  The critical thing is "who" you are letting manage your
security
> (symantec has stringent hiring process).  Dshield does not do anything to
> your network, it is a reporting tool, where managed services will be "in
> your network devices" changing config or rules as needed in real time.
> Another way to look at it, if you can't afford managed services, you can
at
> least setup Dshield while you wait for next budget.
>
> If you like my advertising, please send Dshield monogrammed formal wear
for
> I am an under appreciated (paid) security guru, now if they would upgrade
my
> etch-i-sketch to a laptop I will have it made:)
>
> John (2¢)
>
>
>
> >From: Pete Cap <peteoutside at yahoo.com>
> >Reply-To: General DShield Discussion List <list at dshield.org>
> >To: General DShield Discussion List <list at dshield.org>
> >Subject: [Dshield] DShield vs. Symantec
> >Date: Wed, 7 Jan 2004 07:52:58 -0800 (PST)
> >
> >So, I've got this salesman from Symantec attempting to sell me (or,
rather,
> >the organization for which I work) a subscription to their DeepSight
Threat
> >Management System.
> >
> >For those of you who are not familar with DeepSight, basically Symantec's
> >analysts take data from about 20k contributors in 180 countries (IDS
logs,
> >traffic data, etc.) and perform trend analysis (sound familiar?).  I
> >suppose this question is directed mostly towards Johannes...as far as
being
> >a data source...how does dShield stack up against those numbers?
> >
> >Also...for anyone familiar with DeepSight, or using their services, how
> >useful have you found them to be?  Worth the money or not?  Do they
provide
> >anything which you are unable to do yourself?
> >
> >Thanks,
> >
> >Pete
> >
> >
> >---------------------------------
> >Do you Yahoo!?
> >Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes
> >_______________________________________________
> >list mailing list
> >list at dshield.org
> >To change your subscription options (or unsubscribe), see:
> >http://www.dshield.org/mailman/listinfo/list
>
> _________________________________________________________________
> Working moms: Find helpful tips here on managing kids, home, work -  and
> yourself.   http://special.msn.com/msnbc/workingmom.armx
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list