Re: Intrusion Detection Recommendations

[wcon <wcon () CONNCOLL EDU>]

We¹re using Netscreen¹s IDS/IDP solution, it¹s great for IDP/IDS but does
not do flow analysis . IDP function(which is how we our using it) requires
it to be inline, so that could get expensive, IDS can be out-of-band. One of
the main reasons for going with them was the ease of custom definitions and
definitions update. Cisco also has IDS blades in case you¹re a Cisco shop
that you might want to look.


On 8/9/05 9:32 AM, "Cebulski, John" <jcebulski () RKON COM> wrote:

> I would also suggest that you look at the Intrushield solution by McAfee.
>  
>
>
> From: Gibbs, Aaron M. [mailto:AMGibbs () ST-AUG EDU]
> Sent: Tuesday, August 09, 2005 8:18 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: Re: [SECURITY] Intrusion Detection Recommendations
>  
>
> We've been looking at Top Layer as and IPS and will be looking at Securiant.
> > -----Original Message-----
> > From: Mike Radomski [mailto:Mike.Radomski () ITEC SUNY EDU]
> > Sent: Tuesday, August 09, 2005 9:10 AM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: [SECURITY] Intrusion Detection Recommendations
> >
> > Hello, 
> > We are currently looking at different alternatives to our Snort
> > implementation for and IDS.  We currently run Snort+ACID on a SPAN port.  It
> > works well, but would like a more robust system that is capable of anomaly
> > detection, flow analysis, etc.  I am wondering what everyone uses for
> > IDS/IPS?  Do you use a combination of open source tools, a commercial
> > software solution, or a commercial hardware solution?  What are the
> > advantages of your implementation?  Disadvantages?
> >
> > Thanks!