RE: Risk analysis tools?

There are scores of risk analysis tools in the marketplace. It greatly depends on the type of analysis you want to perform, and the level you want to go.

If you are looking for simple network penetration tools, you can get those off the Internet. But it's generally the "buyer-beware" rule. From my experience as a former product manager for some of the leading technologies in network and host assessment and IDS, I'd actually recommend technologies we competed against--some of which have gone from the freeware to legitimate corporate-driven technologies. Tools from SAINT and SourceFire (Marty Rousch's new company) would be essential in your search, and if you're interested in good network mapping and scanning, take a good look at the NESSUS stuff, and NMap.

I also heard rumor that Dan Farmer was planning to commercialize his COPS application. Anything Farmer did would be top-notch quality.

Also beware of the cutesy graphic-generation tools that show the pretty pictures of your network. They might look good on the screen or as a background in a NOC, but they do little to actually mend fences and notify of events actually dangerous to your infrastructure.

Most of the stuff regarding "event analysis" is tied to auditing. So be sure to look at good audit tools as part of your risk management plans. NetForensics has some interesting technology, but more importanly, some good developers. Some of my friends at NetIQ say they've got some good stuff as well--so I'd suggest you look over the NetIQ/PentSafe tools.

But on a more "businessy" note, it's one thing to run an application to identify risks--remember that you need to use some form of risk management methodology to actually address the stuff you find. That's where the real "Intrusion Prevention" becomes more than a marketing buzz phrase.

But most importantly, don't trust the new guys on the block. Just because they think they created something in a university lab, or got funding from some private venture partner who didn't know anything about the current trends in IT Sec technology, doesn't mean they're making a better mouse trap.

Stick with the veterans who pioneered this stuff. It's always best to follow the people, as the technology can often be over- or (in most cases),
UNDER-developed.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Good luck.

Drew Williams

> -----Original Message-----
> From: Marsman-Polhuys, Henk (fin)
> [mailto:Henk.Marsman-Polhuys@ordina.nl]
http://www.BlackBerry.net/knowledgecenter/livelink.exe
> Paging FAQ: