IDS mailing list archives

Re: IDS Opinions


From: <mills () findmypants com>
Date: 2 Jun 2004 17:05:41 -0000

Symantec's engine is fast and can run quite a few sensors from small hardware. The
interface is a bit clunky and not as slick as, say, SiteProtector from ISS, but it
gets the job done. They've rolled support for signature-based detection in as
well now, making it a pretty good offering. If you're scanning a lot of networks
then it's worth a punt. They've also got an appliance coming out soon based on
the SGS hardware.

Snort is excellent but harsh to the beginner - hence the Sourcefire
implementation. Coming on leaps and bounds. Well worth a look and there is plenty
of resource on the Interweb thingy to get you started.

Dragon - Not touched it :-(

ISS Proventia - Just finished playing with the in-line IPS product, solid and
good but low port density currently. New version coming out that monitors 4
networks in-line bridged soon. Comes with the fail-open cards as well which makes
it a bit less of a nightmare if it goes down and severs your network at layer 1.

The Netscreen is apparently not the greatest but again not had time to play with it.

Have a look at a report done by NSS at http://www.nss.co.uk/; they tested all the
mentioned IDS systems. Pretty detailed as well as being very well written.

Regards

Mills

Tarek Amr Abdullah wrote:

Crayola,

I recommend either ISS Proventia or Juniper NetScreen IDP. As I am not
with deploying IDSs unless they are high quality and reliable. Otherwise,
if you chose "Sourcefire's, Dragon (Enterasys), and Symantec's
manhunt" for financial reasons, then I think you may deploy Snort
instead, as it is open source, and also Sourcefire is built upon Snort.

Best Regards,
Tarek Amr Abdallah

-----Original Message-----
From: crayola () optonline net [mailto:crayola () optonline net] 
Sent: Friday, May 28, 2004 10:23 PM
To: focus-ids () securityfocus com
Subject: IDS Opinions

Folks, 

I am currently in the middle of an RFP process to buy a new network IDS
system for my company. I have narrowed it down to

Sourcefire's, Dragon (Enterasys), and Symantec's manhunt. 

I would love to hear your opinions about these products if you use or
have used them. Anything you can share would be great. I am really
looking for some nonsales type opinions about how they work in the real world.

Thanks, 
Mike

