<div><span class="gmail_quote">On 4/3/07, <b class="gmail_sendername">Paul Melson</b> <<a href="mailto:pmelson@gmail.com">pmelson@gmail.com</a>> wrote:</span></div>
<div><span class="gmail_quote"></span> </div>
<div><span class="gmail_quote"></span>> Well, someone's using Retina at least. Which makes sense,since Nessus<br>> on pure Windows is still undoable and NVA/pentest work is a big-money<br> </div>
<div>Have you seen the state of Retina lately? It appears, at least as a customer, that they have put all resources into Blink which is a bad move. Their coverage for Windows issues is now limited to simply checking registry keys for patches and their alternative operating system scanning is broken and never yields consistent results. Somehow I have a hard time trusting a solution that can give different results each time you scan the same system on the same day where there have been no changes. This would be why we are now looking at Tenable and nCircle for our VA needs.
</div>
<div><br>> <a href="http://marc.info/?l=full-disclosure&m=117524796007054&w=2">http://marc.info/?l=full-disclosure&m=117524796007054&w=2</a><br> </div>
<div>Too bad their patch for that issue was sloppy and very much like Blink. Ineffective.</div>
<div><br>> Anyway, I think the reason HIDS in general doesn't see a lot of<br>> widespread adoption is that companies view their production networks -<br>> especially where Windows is running, where HIDS gets the most traction
<br>> - as fragile. They don't want "agents" or "clients" or anything that<br>> could hurt performance or stability. And while I haven't personally<br>> ever touched Blink, I've seen it's competition implode when installed
<br>> in just the wrong environment. That, and at still roughly 5-10x the<br>> per-seat cost of AV products, it's hard to sell a product that<br>> basically does what IT managers think AV does.<br> </div>
<div>I mostly agree. In our installation, we spent a lot of lab time testing all of the potential HIPS solutions and once we decided on one we spent even more time in our lab tweaking it to not break our applications and to not cause instability.
</div>
<div> </div>
<div>J</div>
<div> </div>
<div> </div>