[Snort-users] Re: Off topic: ActiveScout?

JP Vossen vossenjp at ...8683...
Fri Apr 4 15:59:05 EST 2003


On Fri, 4 Apr 2003 snort-users-request at lists.sourceforge.net wrote:

> Message: 9
> Date: Fri,  4 Apr 2003 15:54:56 -0600
> From: Rich Adamson  <radamson at ...2127...>
> To: Snort Users Postings  <snort-users at lists.sourceforge.net>
> Subject: [Snort-users] Off topic: ActiveScout?
>
> Does anyone have any experience / knowledge about the ActiveScout
> product from ForeScout?

I reviewed it in Information Security Magazine's January 2003 issue:
http://www.infosecuritymag.com/2003/jan/testcenter.shtml


> Some of the marketing stuff makes it sound like Snort inline with
> some addon stuff.

I can see how you could come to that conclusion, but I'm not sure I'd agree.
ActiveScout is not signature or rule based but attempts to detect "recon."
On one hand, less and less recon is performed as more kiddies just run the
'Sploit.  On the other hand, the people who DO run recon are far more dangerous
anyway, so detecting them has far more value than proportional to the numbers.
YMMV.  Read my review for the rest of my thoughts (FWIW :-).

I might be inclined to run ActiveScout outside the FW and Snort inside as 2 of
my layers.  Also note there are several other products that are very similar to
ActiveScout (IP Angle is one, I forget the others at the moment).

Later,
JP
------------------------------|:::======|--------------------------------
JP Vossen, CISSP              |:::======|                jp at ...8684...
My Account, My Opinions       |=========|       http://www.jpsdomain.org/
------------------------------|=========|--------------------------------
"The software said it requires Windows 98 or better, so I installed
Linux..."




