IDS mailing list archives
Re: Less well-known commercial IDS
From: Eric Hines <eric.hines () appliedwatch com>
Date: Tue, 18 Apr 2006 17:45:49 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi James, You bring up a good point. Yes, their are no up-front costs with Snort, rather, cost in managing the people you would need to hire to manage the large numbers of sensors, train them on the signature syntax, and numerous other things. However, with organizations that don't have the budget for the more expensive, COTS (Commercial off-the-shelf) IDS/IPS solutions, Snort SHOULD be a viable and less cost-prohibitive alternative to them. Solutions, such as ours, the Applied Watch Command Center, gives organizations who want to use Snort as an alternative, the enterprise GUI and Snort ruleset management capability they expect from those more expensive solutions. We offer a face-lift to the popular open source projects, such as Nessus, Snort, Snort-Inline, LaBrea Tarpit, ClamAV, and more. I'm seeing a fundamental shift happening within the Enterprise of commercial security solutions either being abandoned or even augmented by open source software, such as Snort. I'm sure you're familiar with the SANS "Defense in Depth" approach to security -- multiple layers. Organizations are practicing this. We see companies and federal/military with ISS, Enterasys, TopLayer, and others, but also add Snort to the mix. Where one lacks, the other doesn't. This is a REALLY good topic you brought up. So yes, you are correct, their is this perception that if an organization uses Snort, the up-front costs are $0 but the manpower is where the money would be spent. As products like the Applied Watch Command Center surface, this will be less of an issue, making open source finally an enterprise-grade option. Best Regards, Eric Hines, GCIA, CISSP CEO, President Applied Watch Technologies, LLC - --------------------------------------------- Eric Hines, GCIA, CISSP CEO, President Applied Watch Technologies, LLC 1095 Pingree Road Suite 213 Crystal Lake, IL 60014 Toll Free: (877) 262-7593 ext:327 Direct: (847) 854-2725 ext:327 Fax: (847) 854-5106 Web: http://www.appliedwatch.com Email: eric.hines () appliedwatch com - -------------------------------------------- "Enterprise Open Source Security Management" James Harless wrote:
I see a lot of discussion on this list to be about larger, more established IDS/IPS solutions. I'm just wondering if anyone has experience with smaller commercial IDS devices like the Symantec 7100 series? If so, what did you think? What were you comparing it to? Many of my clients are too small to afford the more expensive IDS offerings. And, the perception can be (correct or not is irrelevant) that SNORT simply shifts the up-front costs to the management phase. I guess, if you feel this is incorrect, I'd be interested in your thoughts on this, too. James Harless ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFERWwdbOqF2QHgUK0RAtD4AJ0bf/VTehXOyhVPXq3f/K3dZy72JACgvs4P Y/FMOKiKtcslpeeJtYOsu0I= =zJmt -----END PGP SIGNATURE----- ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Less well-known commercial IDS James Harless (Apr 18)
- RE: Less well-known commercial IDS Alan Shimel (Apr 19)
- Re: Less well-known commercial IDS Eric Hines (Apr 19)
- Re: Less well-known commercial IDS Kevin Wetzel (Apr 26)
- <Possible follow-ups>
- RE: Less well-known commercial IDS Andrew Plato (Apr 19)
- Re: Less well-known commercial IDS Dogten (Apr 20)
- Re: Less well-known commercial IDS Arturas Zalenekas (Apr 21)
- Re: Less well-known commercial IDS Nick Black (Apr 24)
- Re: Less well-known commercial IDS Dogten (Apr 20)
- Re: Less well-known commercial IDS arkon ra (Apr 21)