[Dshield] DShield vs. Symantec

Kenneth Coney superc at visuallink.com
Thu Jan 8 15:10:07 GMT 2004

I got deepsight on my home PC (it's free for those).  At first I thought it 
would be useful as it should be reporting on lots of stuff since I had NIS, 
but while it has lots of bells and whistles, it offers little that the 
Dshield doesn't.  The biggest advantage seems to be the automatic 
submissions.  I am actually disappointed in it as it doesn't seem to be 
logging (based on what I see when I look at my deepsight reports) virus 
hits by the Norton AV, nor is it tracking spam sending IP#s, or any of the 
other potentially usable trend information NIS logs beyond firewall data.

So, I've got this salesman from Symantec attempting to sell me (or, rather, 
the organization for which I work) a subscription to their DeepSight Threat 
Management System.

For those of you who are not familiar with DeepSight, basically Symantec's 
analysts take data from about 20k contributors in 180 countries (IDS logs, 
traffic data, etc.) and perform trend analysis (sound familiar?).  I 
suppose this question is directed mostly towards Johannes...as far as being 
a data source...how does dShield stack up against those numbers?

Also...for anyone familiar with DeepSight, or using their services, how 
useful have you found them to be?  Worth the money or not?  Do they provide 
anything which you are unable to do yourself?




