IDS mailing list archives
RE: Intrushield vs. ISS once more...
From: "Brito, Nelson (ISS Brazil)" <NBrito () iss net>
Date: Mon, 27 Dec 2004 10:27:43 -0500
I have been asked about those features and what I say is: "ISS is fully compatible with Ethereal and TCPDump captured files, you just have to turn-on the response for this in the policy (aka LOG EVIDENCE)." You can also use TRONS, snort's style signatures, or even User Defined signatures that uses regex. So you are able to write your own signatures. ;-) Just to let you all know, before reviewing any IDS/IPS, ask the manufacture about the advanced configurations, I can bet that for whoever you ask about, they will be glad to assist you as they can. - nb Merry Christmas and Happy New Year. Feliz Navidad y Próspero Año Nuevo. Feliz Natal e Próspero Ano Novo. {(!($^O=~/^[M]*$32/i)&&($0=~s!^.*/!!))||($0=~s!.*\\!!)}print$0; -----Original Message----- From: Murtland, Jerry [mailto:MurtlandJ () Grangeinsurance com] Sent: Monday, December 20, 2004 6:20 PM To: 'Jacob Winston'; focus-ids () securityfocus com Subject: RE: Intrushield vs. ISS once more... Personally, I reviewed ISS along with Cisco's IDS, NetScreen's and a few other's. Last week I decided on NetScreen because of it's ease of use (just like a firewall), and it's compatibility with key software like Ethereal/TCPDump. The amount of information it gives you isn't bad although like ISS and a few others, you will get the occasional alert that really just doesn't give you enough to go on, so you have to count on other things like netscout or a packet sniffing package to do some analysis. I thought ISS was great also, but I also thought that there were too many steps to get things done. The interface was a little convoluted and you were entirely dependant on ISS's X-Force team to write your new signatures. With NetScreen's Snort engine, I can write my own signatures. Not to mention, since they were just bought by Juniper, I'm sure their funding for new development will surge. Not trying to sell you on anything, just offering my own opinion on what I experienced. I'm not sold on anyone's technology as far as IPS goes, but I would look for the ability to granularly step into that technology when I decided to block specific traffic patterns in the future. Jerry J. Murtland, CISSP -----Original Message----- From: Jacob Winston [mailto:jctx09 () yahoo com] Sent: Friday, December 17, 2004 8:49 PM To: focus-ids () securityfocus com Subject: Intrushield vs. ISS once more... I have been evaluating Intrushield and ISS but am still unsure on which route to take. Does anyone have compelling info on why Intrushield is better or vice-versa? Any help is appreciated. Thank you in advance. -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Intrushield vs. ISS once more... Jacob Winston (Dec 20)
- Re: Intrushield vs. ISS once more... Dave Aitel (Dec 23)
- RE: Intrushield vs. ISS once more... wnorth (Dec 30)
- Re: Intrushield vs. ISS once more... Chris Mills (Dec 30)
- <Possible follow-ups>
- RE: Intrushield vs. ISS once more... Murtland, Jerry (Dec 23)
- RE: Intrushield vs. ISS once more... Brito, Nelson (ISS Brazil) (Dec 27)
- RE: Intrushield vs. ISS once more... Eric Hines (Dec 30)
- Re: Intrushield vs. ISS once more... Dave Aitel (Dec 23)