IDS mailing list archives

RE: Intrushield vs. ISS once more...

From: "Murtland, Jerry" <MurtlandJ () Grangeinsurance com>
Date: Mon, 20 Dec 2004 15:20:17 -0500

Personally, I reviewed ISS along with Cisco's IDS, NetScreen's and a few
other's.  Last week I decided on NetScreen because of it's ease of use (just
like a firewall), and it's compatibility with key software like
Ethereal/TCPDump.  The amount of information it gives you isn't bad although
like ISS and a few others, you will get the occasional alert that really
just doesn't give you enough to go on, so you have to count on other things
like netscout or a packet sniffing package to do some analysis.

I thought ISS was great also, but I also thought that there were too many
steps to get things done.  The interface was a little convoluted and you
were entirely dependant on ISS's X-Force team to write your new signatures.
With NetScreen's Snort engine, I can write my own signatures.  Not to
mention, since they were just bought by Juniper, I'm sure their funding for
new development will surge.  Not trying to sell you on anything, just
offering my own opinion on what I experienced.

I'm not sold on anyone's technology as far as IPS goes, but I would look for
the ability to granularly step into that technology when I decided to block
specific traffic patterns in the future.

Jerry J. Murtland, CISSP



-----Original Message-----
From: Jacob Winston [mailto:jctx09 () yahoo com]
Sent: Friday, December 17, 2004 8:49 PM
To: focus-ids () securityfocus com
Subject: Intrushield vs. ISS once more...




I have been evaluating Intrushield and ISS but am still unsure on which
route to take. Does anyone have compelling info on why Intrushield is better
or vice-versa? Any help is appreciated.



Thank you in advance.

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------

Current thread:

Intrushield vs. ISS once more... Jacob Winston (Dec 20)
- Re: Intrushield vs. ISS once more... Dave Aitel (Dec 23)
  - RE: Intrushield vs. ISS once more... wnorth (Dec 30)
- Re: Intrushield vs. ISS once more... Chris Mills (Dec 30)
- <Possible follow-ups>
- RE: Intrushield vs. ISS once more... Murtland, Jerry (Dec 23)
- RE: Intrushield vs. ISS once more... Brito, Nelson (ISS Brazil) (Dec 27)
  - RE: Intrushield vs. ISS once more... Eric Hines (Dec 30)