IDS mailing list archives

Re: Less well-known commercial IDS


From: Eric Hines <eric.hines () appliedwatch com>
Date: Tue, 18 Apr 2006 17:45:49 -0500


Hi James,

You bring up a good point. Yes, there are no up-front costs with Snort,
rather, cost in managing the people you would need to hire to manage the
large numbers of sensors, train them on the signature syntax, and
numerous other things.

However, with organizations that don't have the budget for the more
expensive, COTS (Commercial off-the-shelf) IDS/IPS solutions, Snort
SHOULD be a viable and less cost-prohibitive alternative to them.

Solutions, such as ours, the Applied Watch Command Center, give
organizations who want to use Snort as an alternative, the enterprise
GUI and Snort ruleset management capability they expect from those more
expensive solutions. We offer a face-lift to the popular open source
projects, such as Nessus, Snort, Snort-Inline, LaBrea Tarpit, ClamAV,
and more.

I'm seeing a fundamental shift happening within the Enterprise of
commercial security solutions either being abandoned or even augmented
by open source software, such as Snort.

I'm sure you're familiar with the SANS "Defense in Depth" approach to
security -- multiple layers. Organizations are practicing this. We see
companies and federal/military with ISS, Enterasys, TopLayer, and
others, but also add Snort to the mix. Where one lacks, the other doesn't.

This is a REALLY good topic you brought up. So yes, you are correct,
there is this perception that if an organization uses Snort, the
up-front costs are $0 but the manpower is where the money would be
spent. As products like the Applied Watch Command Center surface, this
will be less of an issue, making open source finally an enterprise-grade
option.



Best Regards,

Eric Hines, GCIA, CISSP
CEO, President
Applied Watch Technologies, LLC


1095 Pingree Road
Suite 213
Crystal Lake, IL 60014
Toll Free: (877) 262-7593 ext:327
Direct: (847) 854-2725 ext:327
Fax: (847) 854-5106
Web: http://www.appliedwatch.com
Email: eric.hines () appliedwatch com

- --------------------------------------------

"Enterprise Open Source Security Management"


James Harless wrote:
I see a lot of discussion on this list to be about larger, more established
IDS/IPS solutions.  I'm just wondering if anyone has experience with smaller
commercial IDS devices like the Symantec 7100 series?  If so, what did you
think?  What were you comparing it to?

Many of my clients are too small to afford the more expensive IDS offerings.
And, the perception can be (correct or not is irrelevant) that SNORT simply
shifts the up-front costs to the management phase.  I guess, if you feel
this is incorrect, I'd be interested in your thoughts on this, too.

James Harless

