IDS mailing list archives
Re: IDS Opinions
From: <mills () findmypants com>
Date: 2 Jun 2004 17:05:41 -0000
Symantecs engine is fast and can run quite a few sensors from small hardware. The interface is a bit clunky and not as slick as say SiteProtector from ISS but it gets the job done. They've rolled support for signature based detection in as well now making it a pretty good offering. If your scanning a lot of networks then it's worth a punt. They've also got an appliance coming out soon based on the SGS hardware. Snort is excellent but harsh to the beginner - hence the sourcefire implimentation. Coming on leaps and bounds. Well worth a look and there is plenty of resource on the Interweb thingy to get you started. Dragon - Not touched it :-( ISS Proventia - Just finished playing with the in-line IPS product, solid and good but low port density currently. New version coming out that monitors 4 networks in-line bridged soon. Comes with the fail-open cards as well which makes it a bit less of a nightmare if it goes down and severs your network at layer 1. The Netscreen is apparently not the greatest but again not had time to play with it. Have a look at a report done by NSS at http://www.nss.co.uk/ they tested all the mentioned IDS systems. Pretty detailed as well as being very well written. Regards Mills Tarek Amr Abdullah wrote:
Crayola, I recommend either ISS Proventia or Juniper NetScreen IDP. As I am not with deploying IDSs unless they are high quality and reliable. Otherwise if you choosed "Sourcefire's, Dragon (Enterasys), and Symantec's manhunt." For financial reasons. Then I think you may deploy Snort instead as it is open source, and also sourcefire is built upon snort. Best Regards, Tarek Amr Abdallah -----Original Message----- From: crayola () optonline net [mailto:crayola () optonline net] Sent: Friday, May 28, 2004 10:23 PM To: focus-ids () securityfocus com Subject: IDS Opinions Folks, I am currently in the middle of an RFP process to buy a new Network ids system for my company. I have narrowed it down to Sourcefire's, Dragon (Enterasys), and Symantec's manhunt. I would love to hear your opinions about these products if you use or have used them. Anything you can share would be great. I am really looking for some nonsales type opinions about how they work in the real world. Thanks, Mike ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
--------------------------------------------------------------------------- ---------------------------------------------------------------------------
Current thread:
- RE: IDS Opinions Harper, Patrick (Jun 01)
- <Possible follow-ups>
- RE: IDS Opinions Danislav Kostov (Jun 01)
- RE: IDS Opinions Martin (Jun 02)
- Re: IDS Opinions manish (Jun 02)
- Re: IDS Opinions Devdas Bhagat (Jun 14)
- RE: IDS Opinions Steve Massa (Jun 02)
- RE: IDS Opinions NTL World - Chris Standard (Jun 18)
- RE: IDS Opinions fr0ck9 (Jun 02)
- Re: IDS Opinions mills (Jun 02)
- Re: IDS Opinions Nik Schild (Jun 07)
- Re: IDS Opinions Brian (Jun 07)
- Re: IDS Opinions gcb33 (Jun 07)
- Re: IDS Opinions Greg Martin (Jun 09)
- FW: IDS Opinions Madalin Bratu (Jun 21)