IDS mailing list archives
RE: IDS vs. IPS deployment feedback
From: "Cojocea, Mike (IST)" <Mike.Cojocea () watsonwyatt com>
Date: Wed, 12 Apr 2006 14:14:53 -0400
Juniper, CISCO, McAfee have open or semi-open signatures. And if you have a big problem with a signature I think that if you call the tec support of the other two big players (ISS and TippingPoint) they will help you out with some confidential information about a specific signature. Also, AFAIK, in ISS you can use Snort syntax or similar to create your own signatures (I guess they call it TRONS ;) ) Free to recreate all the Snort sigs. BTW, why Snort is called lightweight IDS on SNORT.ORG page? Thanks, Mike -----Original Message----- From: Richard Bejtlich [mailto:taosecurity () gmail com] Sent: April 10, 2006 4:31 PM To: Andrew Plato Cc: focus-ids () securityfocus com Subject: Re: IDS vs. IPS deployment feedback On 4/10/06, Andrew Plato <andrew.plato () anitian com> wrote:
Yes...SOURCEFIRE customers get those signatures early. They get handed
out to the Snort world well after the fact. SourceFire is a commercial
company and you must PAY to get their product. In other words - Sourcefire is no different than TP, ISS or any other commercial vendor in this regard. As such, we're all just selling what
we know.
Andrew, You call five days "well after the fact"? Snort rules are free for registered users, by the way. Here's another difference between ISS and Snort -- I can read Snort rules, even those developed by Sourcefire. Can you point me to the place where I can download and review ISS rules, even assuming I am a registered owner? Cisco? Other? One of the ways to build trust in a product is to see how it works. I trust Snort more than similar products because I can understand its decision-making process. Richard ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- RE: IDS vs. IPS deployment feedback, (continued)
- RE: IDS vs. IPS deployment feedback Basgen, Brian (Apr 10)
- RE: IDS vs. IPS deployment feedback Andrew Plato (Apr 10)
- Re: IDS vs. IPS deployment feedback Richard Bejtlich (Apr 11)
- RE: IDS vs. IPS deployment feedback Mike Barkett (Apr 13)
- Re: IDS vs. IPS deployment feedback Jason (Apr 13)
- Re: IDS vs. IPS deployment feedback Richard Bejtlich (Apr 11)
- RE: IDS vs. IPS deployment feedback Palmer, Paul (ISSAtlanta) (Apr 11)
- RE: IDS vs. IPS deployment feedback Andrew Plato (Apr 13)
- RE: IDS vs. IPS deployment feedback Kyle Quest (Apr 13)
- RE: IDS vs. IPS deployment feedback Palmer, Paul (ISSAtlanta) (Apr 13)
- Re: IDS vs. IPS deployment feedback Paul Schmehl (Apr 15)
- RE: IDS vs. IPS deployment feedback Cojocea, Mike (IST) (Apr 13)
- RE: IDS vs. IPS deployment feedback Gary Halleen (ghalleen) (Apr 13)
- Re: IDS vs. IPS deployment feedback Randal T. Rioux (Apr 18)
- Re: IDS vs. IPS deployment feedback Frank Knobbe (Apr 13)
- RE: IDS vs. IPS deployment feedback Basgen, Brian (Apr 13)
- RE: IDS vs. IPS deployment feedback Palmer, Paul (ISSAtlanta) (Apr 15)
- RE: IDS vs. IPS deployment feedback Biswas, Proneet (Apr 15)
- RE: IDS vs. IPS deployment feedback Palmer, Paul (ISSAtlanta) (Apr 15)
- RE: IDS vs. IPS deployment feedback Mark Teicher (Apr 15)
- RE: IDS vs. IPS deployment feedback PPowenski (Apr 19)
- Re: IDS vs. IPS deployment feedback virtuale (Apr 21)