IDS mailing list archives
RE: Less well-known commercial IDS
From: "Andrew Plato" <andrew.plato () anitian com>
Date: Tue, 18 Apr 2006 11:44:21 -0700
I see a lot of discussion on this list to be about larger, more established IDS/IPS solutions. I'm just wondering if anyone has experience with smaller commercial IDS devices like the Symantec 7100 series? If so, what did you think? What were you comparing it to?
I think there are a lot of lower-cost IPSs. Some are good, some are fair, many are lame. Symantec isn't one that comes to mind. It actually is pretty expensive. My personal favorite is Fortinet. It's a UTM (all-in-one) box. We sell A LOT of Fortinet and as a whole, customers have been very pleased with its performance. And its IPS is based on Snort, incidentally. Fortinet has the plus of having firewall, anti-virus, VPN, and lots of other goodies as well. I have heard good things about SecureWorks. However, they are a purely managed IPS. I have one customer with Astaro, who says good things about their product.
Many of my clients are too small to afford the more expensive IDS
offerings.
And, the perception can be (correct or not is irrelevant) that SNORT
simply
shifts the up-front costs to the management phase. I guess, if you
feel
this is incorrect, I'd be interested in your thoughts on this, too.
Snort is resource intensive. It's a good IDS/IPS that requires a lot of expertise and management to make it work effectively. Most small to medium businesses lack such resources, as you have discovered. As such, lower cost commercial IPSs like SecureWorks or Fortinet (both Snort-based IPSes), give those customers the value of Snort as a technology without requiring a lot of personnel resources. _____________________________________ Andrew Plato, CISSP President / Principal Consultant ANITIAN ENTERPRISE SECURITY Your Expert Partner for Security & Networking 3800 SW Cedar Hills Blvd, Suite 280 Beaverton, OR 97005 503-644-5656 Office 503-214-8069 Fax 503-201-0821 Mobile www.anitian.com _____________________________________ PGP/GPG public key available at: http://www.anitian.com/corp/keys.htm _________________________________________________ NOTICE: This email may contain confidential information, and is for the sole use of the intended recipient. If you are not the intended recipient, please reply to the message and inform the sender of the error and delete the email and any attachments from your computer. _________________________________________________ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Less well-known commercial IDS James Harless (Apr 18)
- RE: Less well-known commercial IDS Alan Shimel (Apr 19)
- Re: Less well-known commercial IDS Eric Hines (Apr 19)
- Re: Less well-known commercial IDS Kevin Wetzel (Apr 26)
- <Possible follow-ups>
- RE: Less well-known commercial IDS Andrew Plato (Apr 19)
- Re: Less well-known commercial IDS Dogten (Apr 20)
- Re: Less well-known commercial IDS Arturas Zalenekas (Apr 21)
- Re: Less well-known commercial IDS Nick Black (Apr 24)
- Re: Less well-known commercial IDS Dogten (Apr 20)
- Re: Less well-known commercial IDS arkon ra (Apr 21)