RE: Intrushield vs. ISS once more...

["Brito, Nelson (ISS Brazil)" <NBrito () iss net>]

I have been asked about those features and what I say is:  
"ISS is fully compatible with Ethereal and TCPDump captured files, you just have to turn-on the response for this in 
the policy (aka LOG EVIDENCE)."  
  
You can also use TRONS, snort's style signatures, or even User Defined signatures that uses regex. So you are able to 
write your own signatures. ;-)  
  
Just to let you all know, before reviewing any IDS/IPS, ask the manufacture about the advanced configurations, I can 
bet that for whoever you ask about, they will be glad to assist you as they can.

- nb

Merry Christmas and Happy New Year.
Feliz Navidad y Próspero Año Nuevo.
Feliz Natal e Próspero Ano Novo.

{(!($^O=~/^[M]*$32/i)&&($0=~s!^.*/!!))||($0=~s!.*\\!!)}print$0;

 

-----Original Message-----
From: Murtland, Jerry [mailto:MurtlandJ () Grangeinsurance com] 
Sent: Monday, December 20, 2004 6:20 PM
To: 'Jacob Winston'; focus-ids () securityfocus com
Subject: RE: Intrushield vs. ISS once more...


Personally, I reviewed ISS along with Cisco's IDS, NetScreen's and a few other's.  Last week I decided on NetScreen 
because of it's ease of use (just like a firewall), and it's compatibility with key software like Ethereal/TCPDump.  
The amount of information it gives you isn't bad although like ISS and a few others, you will get the occasional alert 
that really just doesn't give you enough to go on, so you have to count on other things like netscout or a packet 
sniffing package to do some analysis.

I thought ISS was great also, but I also thought that there were too many steps to get things done.  The interface was 
a little convoluted and you were entirely dependant on ISS's X-Force team to write your new signatures. With 
NetScreen's Snort engine, I can write my own signatures.  Not to mention, since they were just bought by Juniper, I'm 
sure their funding for new development will surge.  Not trying to sell you on anything, just offering my own opinion on 
what I experienced.

I'm not sold on anyone's technology as far as IPS goes, but I would look for the ability to granularly step into that 
technology when I decided to block specific traffic patterns in the future.

Jerry J. Murtland, CISSP



-----Original Message-----
From: Jacob Winston [mailto:jctx09 () yahoo com]
Sent: Friday, December 17, 2004 8:49 PM
To: focus-ids () securityfocus com
Subject: Intrushield vs. ISS once more...




I have been evaluating Intrushield and ISS but am still unsure on which route to take. Does anyone have compelling info 
on why Intrushield is better or vice-versa? Any help is appreciated.



Thank you in advance.

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------