[unisog] mirage counterpoint

Dean De Beer ddb at plazacollege.edu
Fri Jun 17 15:51:22 GMT 2005

Hi Mark,

We have not looked at Mirage Network's product yet but we have been
evaluating others that do behavioral based anomaly detection.
Lancope's Stealthwatch is one but it gets pretty expensive the more
locations you monitor and whether or not you require gigabit copper or fiber
connectivity. Radware's DefensePro is also an option. Currently they use
signatures to do intrusion prevention but are adding a behavioral based
option to the appliance. We have a demo unit arriving in a few weeks. Based
on the online demos I have seen I personally prefer the Radware product.

Kind Regards,


-----Original Message-----
From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
On Behalf Of Mark Brochu
Sent: Friday, June 17, 2005 10:56 AM
To: unisog at lists.sans.org
Subject: [unisog] mirage counterpoint

Greetings all,

Recently we took a look at Mirage Network's Counterpoint appliance.  It 
is a Linux based appliance that looks for traffic "anomalies" by 
listening on different VLANs.  It does this by listening to Ethernet 
(ARP) activity as well as other higher layer activity.  It uses a 
behavior based as opposed to a signature based approach to detect 
malicious traffic.  I am wondering if anyone here has had experience with 
it or could mention any other appliance that uses a similar detection 
mechanism.  Thanks much!

Mark Brochu
Network Analyst
University of Hartford
