IDS mailing list archives

RE: IDS vs. IPS deployment feedback


From: "Mike Barkett" <mbarkett () nfr com>
Date: Wed, 12 Apr 2006 12:57:18 -0400

-----Original Message-----
From: Richard Bejtlich [mailto:taosecurity () gmail com]
Sent: Monday, April 10, 2006 4:31 PM
To: Andrew Plato
Cc: focus-ids () securityfocus com
Subject: Re: IDS vs. IPS deployment feedback

On 4/10/06, Andrew Plato <andrew.plato () anitian com> wrote:
> Yes...SOURCEFIRE customers get those signatures early. They get handed
> out to the Snort world well after the fact. SourceFire is a commercial
> company and you must PAY to get their product.
>
> In other words - Sourcefire is no different than TP, ISS or any other
> commercial vendor in this regard. As such, we're all just selling what
> we know.

Andrew,

You call five days "well after the fact"?  Snort rules are free for
registered users, by the way.

Here's another difference between ISS and Snort -- I can read Snort
rules, even those developed by Sourcefire.  Can you point me to the
place where I can download and review ISS rules, even assuming I am a
registered owner?  Cisco?  Other?

One of the ways to build trust in a product is to see how it works.  I
trust Snort more than similar products because I can understand its
decision-making process.

Richard


NFR was doing this 3 years before Snort existed.  (I guess that makes us
"Other")

:)

-MAB

