Security Basics mailing list archives

Re: Need recommendations about IDS Systems


From: "Nicole Nicholson" <nanicholson () hotmail com>
Date: Wed, 29 Jan 2003 12:26:20 -0800

Jennifer-

Don't forget another important thing to ask about IDS... what to do with all the data it generates. I see you are requesting something that goes to a syslog server... do you already have tools in place to analyze that data?

IDSes (especially those placed outside a FW) generate a ton of data. Making sense out of it is extremely difficult if you are already short on resources. (Who isn't?) Correlation between (multiple) IDS engines and Firewalls is key, and software vendor solutions in this space are still in their infancy.

If you are especially short on resources, you may want to consider outsourcing your security monitoring to a third party.... in which case you want to pick the MSSP before picking your IDS.

If you just need to have an IDS because your CXO said "we need to have an IDS" then Snort at $0 seems to be the best bang for your buck nowadays.

Cheers.

-Nicole
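
An added illustration, not part of the original post, of the IDS/firewall correlation the message calls key: it merges duplicate alerts from several sensors and ranks each by what the firewall did with the same flow. The log lines, sensor names and the `FW-ACCEPT`/`FW-DROP` log prefixes are constructed assumptions (Snort syslog alert layout, iptables-style firewall logging).

```python
import re
from collections import defaultdict

# Constructed sample syslog feed (two sensors, one firewall); not real traffic.
SAMPLE = """\
Jan 29 12:00:01 ids1 snort: [1:1002:5] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 203.0.113.7:4312 -> 192.0.2.10:80
Jan 29 12:00:01 ids2 snort: [1:1002:5] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 203.0.113.7:4312 -> 192.0.2.10:80
Jan 29 12:00:01 fw1 kernel: FW-ACCEPT IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=4312 DPT=80
Jan 29 12:00:05 ids1 snort: [1:2003:2] MS-SQL Worm propagation attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 198.51.100.9:1050 -> 192.0.2.20:1434
Jan 29 12:00:05 fw1 kernel: FW-DROP IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.20 PROTO=UDP SPT=1050 DPT=1434
Jan 29 12:00:09 ids1 snort: [1:1418:3] SNMP request tcp [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 198.51.100.9:2222 -> 192.0.2.30:161
"""

# Snort syslog alert: sensor, gid:sid:rev, message, priority, protocol, endpoints.
ALERT = re.compile(
    r"(\S+) snort: \[(\d+:\d+:\d+)\] (.+?) \[Classification: [^\]]*\] "
    r"\[Priority: (\d+)\]: \{(\w+)\} ([\d.]+):(\d+) -> ([\d.]+):(\d+)"
)
# Firewall log line; the FW-ACCEPT / FW-DROP prefix is an assumed log prefix.
FW = re.compile(
    r"kernel: FW-(ACCEPT|DROP) .*?SRC=([\d.]+) DST=([\d.]+) .*?PROTO=(\w+) SPT=(\d+) DPT=(\d+)"
)

def correlate(log_text):
    """Group alerts by what the firewall did with the same 5-tuple flow."""
    verdicts = {}               # flow -> last firewall action seen
    alerts = defaultdict(set)   # (sid, msg, priority, flow) -> reporting sensors
    for line in log_text.splitlines():
        if m := FW.search(line):
            action, src, dst, proto, spt, dpt = m.groups()
            verdicts[(proto, src, spt, dst, dpt)] = action
        elif m := ALERT.search(line):
            sensor, sid, msg, prio, proto, src, spt, dst, dpt = m.groups()
            alerts[(sid, msg, int(prio), (proto, src, spt, dst, dpt))].add(sensor)
    # "passed" reached the target, "blocked" was dropped, "unverified" has no
    # firewall record. A real deployment would also bound matches by time window.
    triage = {"passed": [], "unverified": [], "blocked": []}
    for (sid, msg, prio, flow), sensors in alerts.items():
        bucket = {"ACCEPT": "passed", "DROP": "blocked"}.get(verdicts.get(flow), "unverified")
        triage[bucket].append((prio, sid, msg, flow[1], f"{flow[3]}:{flow[4]}", sorted(sensors)))
    for rows in triage.values():
        rows.sort()             # lowest priority number (most severe) first
    return triage

if __name__ == "__main__":
    for bucket, rows in correlate(SAMPLE).items():
        print(bucket, *rows, sep="\n  ")
```
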






