[unisog] mirage counterpoint

Scott Genung sagenung at ilstu.edu
Fri Jun 17 18:05:30 GMT 2005


We evaluated Mirage's appliance during the spring of 2004 and found it to 
offer some nice features. However at the time, it didn't appear to scale 
well as the responsiveness of the user interface was disappointing. 
Navigation through the system also seemed somewhat cumbersome. We 
eventually evaluated and purchased several Tipping Point IPS appliances as 
an alternative. We've been very happy with them.

We also just recently conducted a product evaluation of Lancope's 
Stealthwatch. It is an anomaly detection product with some basic 
remediation capabilities (ie: firewall shuns or null route injections). We 
were very impressed by it's detection and reporting capabilities. We see it 
as a great way to augment our IPS architecture. We are in the process of 
purchasing their NetFlow based product.

At 10:51 AM 6/17/2005, Dean De Beer wrote:
>Hi Mark,
>We have not looked at Mirage Network's product yet but we have been
>evaluating others that do behavioral based anomoly detection.
>Lancope's Stealthwatch is one but it get's pretty expensive the more
>locations you monitor and whether or not you require gigabit copper or fiber
>connectivity. Radware's DefensePro is also an option. Currently they use
>signatures to do intrusion prevention but are adding a behavioral based
>option to the appliance. We have a demo unit arriving in a few weeks. Based
>on the online demos I have seen I personally prefer the Radware product.
>Kind Regards,
>-----Original Message-----
>From: unisog-bounces at lists.sans.org [mailto:unisog-bounces at lists.sans.org]
>On Behalf Of Mark Brochu
>Sent: Friday, June 17, 2005 10:56 AM
>To: unisog at lists.sans.org
>Subject: [unisog] mirage counterpoint
>Greetings all,
>Recently we took a look at Mirage Network's Counterpoint appliance.  It
>is a linux based appliance that looks for traffic "anomalies" by
>listening on different vlans.  It does this by listening to ethernet
>(arp) activity as well as other higher layer activity.  It uses a
>behavior based as opposed to a signature based approach to detect
>malicous traffic.  I am wondering if anyone here has had experience with
>it or could mention any other appliance that uses a similar detection
>mechanism.  Thanks much!
>Mark Brochu
>Network Analyst
>University of Hartford
>unisog mailing list
>unisog at lists.sans.org http://www.dshield.org/mailman/listinfo/unisog
>unisog mailing list
>unisog at lists.sans.org

Scott Genung
Manager of Networking Systems
Telecommunications and Networking
Illinois State University
124 Julian Hall
Normal, IL 61790-3500

sagenung at ilstu.edu
Phone: (309)438-7258
Web: http://www.tel.ilstu.edu 

More information about the unisog mailing list