IDS / IPS appliances

["Ed Smith" <esmith () bcc ctc edu>]

Hello List!

For the last few months I've been running the Henwen Snort package on a
Mac. When I talked to a senior network admin about expanding this to
full-fledged Snort running on a dedicated server, he told me there is
increased interest among our decision-makers in intrusion detection, and
I was asked to research some IDS applicances for purchase consideration.

Up to this point I've restricted myself to freeware (for budgetary
reasons), so I have little knowledge of and no experience with
commercial IDS offerings. So far I've looked at solutions from Cisco,
Tipping Point, Cyberguard, Deepnines, and Captus, and have gathered a
number of tech reports and datasheets to compare. I'd really like to
solicit opinions, recommendations, experiences, and feedback from
members of the security community who are more familiar with commercial
products than I am.

At this point I am open to both dedicated appliances as well as
software-based solutions. We already have firewalls and VPN set up, so I
am not looking as closely at products that bundle these features
together with IDS/IPS; I am more interested in IDS/IPS specific
products.

If anyone would be willing to take a moment and share their knowledge of
commercial IDS products I would be very grateful.

Thanks very much in advance.

Edward Smith
esmith () bcc ctc edu