Detection and prevention: 6 intrusion detection systems tested

Computer Associates eTrust Intrusion Detection 3.0
Installation of the eTrust application was very straightforward. Initial configuration was equally easy, after which the operator can move on to applying the policies and rule sets their company's security needs call for. If the included foundation policies do not fit the task, the administrator can modify them or even create their own from scratch.

The product can be deployed in several ways: either standalone for smaller networks or using several remote data probes all reporting back to a central database server. The central server is where the administrator can connect to control the remote probes as well as view the collected data.

One of the most impressive features of this application -- and one that some may take for granted -- is its user interface. What could potentially be an overwhelming array of tools and information -- both captured and real-time -- is handled and displayed with an amazing level of clarity.

CA has built in the ability not only to scan data coming in from the outside but also to monitor traffic on the inside. This may be deployed as a management prerogative to ensure employees are not breaching their contracts or workplace rules by using the Internet and network inappropriately. This provides potential snoops with the ability to record and play back individual sessions such as HTTP and telnet; while some of the images may not be stored by the system, they can easily be loaded by linking to the live pages. All this data is linked back to the IP address or network MAC address, and even the system name, for easy reference.

The system can also be configured to block unwanted network traffic, which can be of benefit to organisations with strict security policies. Regular online updates of standard rule sets and policies can be applied at the administrator's discretion to keep the system up to date. The rules and policies that are included or can be downloaded are very thorough. They include very detailed descriptions in plain, easy-to-understand English, even to the point of providing Web links to appropriate Bugtraq entries and sites that contain further information on potential threats and how to deal with them. There is even the option to run the included antivirus (AV) engine, complete with automatic updates, if your company needs further levels of antivirus protection. As far as we're concerned, the more protection implemented in the network the better.

Overall this is a very refined solution providing high levels of transparent intrusion detection, URL blocking, and session monitoring/logging combined with an integrated AV engine and automatic updates. If a software solution is in your sights then the Computer Associates eTrust Intrusion Detection product is worthy of evaluation.

Product: Computer Associates eTrust Intrusion Detection 3.0
Price: AU$3639 for 125 sessions
Vendor: Computer Associates
Phone: 02 9937 0500
Web: www.ca.com

Interoperability
Supports Microsoft Windows only.

Futureproofing
A very scalable solution.

ROI ½
Reasonably priced for its features.

Service ½
12 months service included.

Rating ½
