Educause Security Discussion mailing list archives

Re: Intrusion Detection Recommendations


From: Dean De Beer <ddb () PLAZACOLLEGE EDU>
Date: Tue, 9 Aug 2005 10:19:31 -0400

Mike,
 
I'm not too sure of your budget but you might want to look at Radware's
Defense Pro IPS. It is a pretty robust appliance. It has Gbit fiber and
copper connectivity or you can have a combination of both. It uses
signatures and I believe the latest also does anomaly detection. Has great
high level, executive reports too for all the suits. :)  We are also going
to be looking at Sourcefire's 3D product. It's pretty impressive and is an
easy transition for any Snort user. We are looking to have one of them
complement our existing Snort setup.
 
Cheers,
 
Dean
 
Dean De Beer
Manager of Information Technology
Plaza College
Plaza College Way
Jackson Heights
NY 11372
Tel: (718) 779-1430 ext.115
 

-----Original Message-----
From: Mike Radomski [mailto:Mike.Radomski () ITEC SUNY EDU] 
Sent: Tuesday, August 09, 2005 9:10 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Intrusion Detection Recommendations



Hello, 
We are currently looking at different alternatives to our Snort
implementation for an IDS.  We currently run Snort+ACID on a SPAN port.  It
works well, but we would like a more robust system that is capable of anomaly
detection, flow analysis, etc.  I am wondering what everyone uses for
IDS/IPS?  Do you use a combination of open source tools, a commercial
software solution, or a commercial hardware solution?  What are the
advantages of your implementation?  Disadvantages? 

Thanks! 
-- 
Mike Radomski 

SUNY - ITEC 
Information Technology Exchange Center 
Systems Programmer/Analyst 
E-mail: Mike.Radomski () itec suny edu 
Systems E-Mail: scsys () itec suny edu 
Phone: (716)878-4832 
Cellular: (716)807-4040 
Fax: (716)878-3485
PGP Public Key: http://www2.itec.suny.edu/~radomsmj/mradomski.asc

There are only 10 types of people... 
Those who understand binary and those who don't. 

