We tested RNA and PVS on a production network for more than a month. Overall, while both tools are fairly good at what they do, the tangible value for either product would be realized only in a big network. Security managers who need to monitor a large, dynamic network can probably gain significant value from these products, because they trim the number of intrusion-detection system (IDS) alerts that need to be investigated, and help detect system vulnerabilities. For smaller networks, the value proposition is not as strong, because other techniques, such as active scanning (see Active vs. passive scanning), give more accurate results in those networks.

Passive network-analysis tools are designed to pull information out of the network as the traffic flows by. Although the two tools we tested are similar in that they focus on network application inventory and vulnerability analysis, they have different design strategies.

With Tenable's PVS, the goal is to detect and report on system applications and vulnerabilities. Tenable is home to the popular Nessus active vulnerability-scanning freeware. PVS (originally called NeVO) is the passive complement to Nessus. The latter product works by performing active scans of systems using a wide variety of techniques ranging from pinging to logging into a system and looking at the file system and registry, but PVS does its detection without sending a single packet. We tested PVS linked to Tenable's Security Center V3, a security-management tool used to integrate multiple vulnerability scanners - active, passive or a combination of both - and correlated vulnerability information with IDS and syslog data sent to Security Center by sensors and servers.

The goal of Sourcefire's RNA is to build host profiles for all the systems on the network and assist in prioritizing and analyzing IDS events. As home to the open source Snort IDS engine, Sourcefire has made a name for itself selling a commercial version of Snort along with Defense Center, which acts as a centralized management system and data analysis console for multiple IDS and RNA sensors. We tested it as part of a larger Sourcefire installation with an IDS sensor and Defense Center V4.5.1.