IDS mailing list archives

re: Survey on IDS!


From: andy cuff <lists () securitywizardry com>
Date: Thu, 14 Dec 2006 13:55:42 +0000

Hugo,
You've probably opened the door on a pre-Christmas vendor whinge fest

1. In your opinion, which is the best IDS ?

1.   It depends upon what your requirements are, no IDS can meet everyone's 
requirements. Off the top of my head, are you looking for:

   High throughput
   Full rolling packet capture in addition to event packet capture
   SSL decryption
   Management on a separate server
   Interaction with a SIM, if so via what mechanism
   Cost of tin and people to manage (there is no free IDS)
   Are your staff Linux or Windows experienced
   Are your staff familiar with MS SQL, Oracle, MySQL etc
   Are your analytical staff able to understand raw output or will they require event descriptions
   How many IDS are required
   Would you prefer software or appliances
   etc etc etc
   Now we can start to look at how capable the IDS is

Scroll back through the archives, this question has been asked approximately 
every 6 months for the last 6 years


Best Regards


-- 
Andy Cuff
Computer Network Defence Ltd
www.SecurityWizardry.com



