[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Considering nSight, any opinions?
- To: Jason Heschel <jason.heschel@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Considering nSight, any opinions?
- From: "J.A. Terranson" <measl@xxxxxxx>
- Date: Thu, 28 Jul 2005 10:43:09 -0500 (CDT)
On Thu, 28 Jul 2005, Jason Heschel wrote:
> Hi list,
>
> I tried sending this to a SecurityFocus list but I think everyone's at
> Blackhat or something. :)
>
> We've spent the last few weeks evaluating nSight (www.intrusense.com).
> It's been very helpful in identifying exactly what, when and who is
> eatting up all of our internal network bandwdith as well expose some
> 'strange' internal network behavior which was causing some
> intermittent problems with our Windows hosts. Anyways, we're now
> considering making a purchase.
>
> I'm curious to hear any opinions, problems or praise people have for
> this software. Does it scale well? It seems to collect a lot of
> information. How does it perform after collecting several months worth
> of data?
While I'm not familiar with this product itself, this sounds like a
knockoff of the Arbor product - which I LOVE, but which even the worlds
largest NSPs cringe at in terms of price. If you have rudimentary shell
scripting skills with just a touch of C, you can easily roll your own
using netflow records. Barring that, this class of software provides
useful information and I recommend them (by class) as "must have's" to any
medium or larger network.
HTH,
//Alif
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/