The negative aspect of that particular product is the fact it has a very, very, very complex policy structure. A user or administrator making the policy in the DCS should have a very thorough knowledge of the operating system or policy making. You have to be very specific about the data structure. If you want to secure a Linux server, an administrator should be very confident about how the directory structure of Linux, how Linux works, and where it puts the important logs. You have to be very cautious about the complete path, and you have to write it over there in the policy part. If you are not very specific, there will be a lot of noise in the system. You're going to receive thousands of events that are false positives. The fine-tuning of the policy is a very complex thing in the DCS itself. Another negative aspect that I have observed is if the product gets installed on the kernel level of any non-Windows server, it has some issues, comparability issues. Sometimes the product doesn't work properly, so it shuts down the machine and crashes the system. There are many cases in which I've observed the DCS crashing the system.
