July 01, 2003
$1,295 (standard agent); $1,595 (web server agent); $2,995 (database agent); $4,995 (management server)
- Ease of Use:
- Value for Money:
- Overall Rating:
Really straightforward console and massive scalability.
Management server can only run on Windows-based machine.
Excellent software for the enterprise, very well thought out.
The Entercept system, now acquired by Network Associates, has in its latest version brought a major revision to how the software runs in the enterprise.
Most of the work on the update has gone into improving the product's scalability, allowing the enterprise administrator to monitor thousands of agents without hindering performance. Up to 5,000 agents can be observed from the management server, which can make use of a redundant management server in case of failover.
Installing the software was straightforward, although there was a tiny problem installing from the CD that was quickly solved.
The management server software works atop a version of SQL Server, which holds policy and logging information. The server and console used to administer it have morphed into distributed Java-based applications. While the management server has to sit on a Windows 2000 server, the agents can run on W2K/NT4, HP-UX (11.0/11i) or Solaris (2.6/7/8/9).
Firing up the console gave a clear view of our test network. Agents were installed on other servers and testing commenced. The agents can each be set to one of three modes: warning, protect and vault. Warning mode monitors activity and reports back, but does not block any suspected attacks. The protect mode is employed in most networks. In this mode the software quickly stopped nefarious activity such as clearing the event viewer, which intruders use to hide evidence of their work.
Worms and double file extensions are another source of problems, and an agent running in protect mode disallowed any execution of these types of files. The system also stopped IIS directory traversals that may be used to execute commands on a web server and give the hacker control over the compromised machine.
The console and software have been redesigned with distributed administration in mind. One group of administrators can view a set of agents on machines, such as web servers, while another can monitor database servers. Agents can also be banded together as single, logical units.
The software has been well thought out and is quite easy to get along with. Its scalability should make this a must for enterprises.