Re: Intrusion Detection Recommendations

[Wes Simons <Wes.Simons () PATCHLINK COM>]

Having previously sold IDS/IPS for several years, I see ISS, McAfee and Tippingpoint as the major players in the space. 
 Cisco is just around the corner as they are currently releasing their new IPS.

________________________________

From: Jason Richardson [mailto:A00JER2 () WPO CSO NIU EDU]
Sent: Tue 8/9/2005 9:47 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Intrusion Detection Recommendations



We're using Snort with a BASE front-end (set up similar to what you are
doing with span port) and a Lancope Stealthwatch Anomaly Detection
appliance.  The Lancope device has worked out pretty well for us, but I
wish that they would write in some signature based detection.  The also
sell a console that aggregates Lancope sensor data as well as Snort
data.  intend to eval the console in September.  I can recommend this
company because of the superior tech support that we have received from
them - really top notch so far.

Another company to look at (that I'm surprised not to have heard anyone
mention yet) is Tipping Point.  If I had it to do over again I probably
would have looked at the Tipping Point appliances very hard because they
do the signature and anomaly based detection all in one place.

---
Jason Richardson
Manager, IT Security and Client Development
Enterprise Systems Support
Northern Illinois University