IDS mailing list archives

RE: Dragon Vs. Sourcefire NIDS


From: "K G" <kg () hackermail com>
Date: Mon, 14 Jun 2004 09:43:46 +0800

Hi,

I have not really used Sourcefire before, but I have been using Dragon
for some time and found that it has the following strengths
I would like to comment on:

1) Easy-to-customise signature format.
2) Powerful packet session capture, which will enable you to
see what the attacker was actually doing after he compromised
your network/server.
3) Configuration-wise, I would say it is rather
straightforward. With the appliance-based Dragon, you do not need to install
and configure anything.


KG


-----Original Message-----
From: crayola () optonline net [mailto:crayola () optonline net] 
Sent: Saturday, June 12, 2004 2:50 AM
To: focus-ids () securityfocus com
Subject: Dragon Vs. Sourcefire NIDS

I have narrowed down my IDS choices to one of these two after an exhaustive search of all the major IDS players (9 in total).

I am really on the fence between them both and I am looking for some insight from people who have these products in their companies.
I am totally ignoring the cost at this point of each product since I need the best technical solution (not the cheapest).

Why do you love/hate your Sourcefire or Dragon IDS at your company?

Thanks,
Mike

------------------------------------------------------------------------------------
In my personal opinion their strengths and weaknesses are as follows.

Dragon's strengths: Excellent GUI, very powerful (tons of configuration options), supposedly the best detection engine out there, ability to incorporate syslog, firewall logs, etc. into the console via a HIDS running on a syslog server, decent reporting - especially for execs.

Dragon weaknesses: No scheduled reporting, can be very complex to configure.

Sourcefire strengths: Builds on open source Snort, which has an excellent rep and gets signatures from the open source community, scheduled reporting, excellent reporting, pretty easy to configure, ability to incorporate network reconnaissance info into the console via RNA to provide relevance to IDS events.

Sourcefire weaknesses: GUI is good but not as good as Dragon's, not as configurable as Dragon.


