Security Basics mailing list archives
Re: Need recommendations about IDS Systems
From: "Nicole Nicholson" <nanicholson () hotmail com>
Date: Wed, 29 Jan 2003 12:26:20 -0800
Jennifer - Don't forget another important thing to ask about IDS... what to do with all the data it generates. I see you are requesting something that goes to a syslog server... do you already have tools in place to analyze that data?
IDSes (especially those placed outside a FW) generate a ton of data. Making sense out of it is extremely difficult if you are already short on resources. (Who isn't?) Correlation between (multiple) IDS engines and Firewalls is key, and software vendor solutions in this space are still in their infancy.
If you are especially short on resources, you may want to consider outsourcing your security monitoring to a third party... in which case you want to pick the MSSP before picking your IDS.
If you just need to have an IDS because your CXO said "we need to have an IDS" then Snort at $0 seems to be the best bang for your buck nowadays.
Cheers. -Nicole