Re: SOHO Hardware IDS

[Jerry Dixon <jerry () jdixon com>]

At 09:41 AM 11/10/2003, Ron Gula wrote:
> At 02:04 PM 11/10/2003 +0100, boutros () swissonline ch wrote:
> > Hi all,
> >
> > I am curious if there exists a SOHO-type hardware device with the 
> > functionality of the Snort IDS. I know I could build a cheap Linux box, 
> > but I am looking for something small and quieter than a PC....
> >
> > TIA,
> > Boutros
>
> Check out Fortinet.  http://www.fortinet.com/ Their web site has much
> about firewalls and anti-virus, but they also have Snort embedded into
> their appliances. I have several Tenable customers/partners looking at
> them and they say the logs output pretty much the same data as the
> Snort Linux boxes running right next to it.
>
> Ron Gula, CTO


Fortinet is a very capable box.  I've looked at other vendors (Check Point, 
Netscreen, & V-raptor) and they definitely have the lead on capabilities 
out of the box with regards to file blocking, anti-virus, NIDS 
functionality, VPN, and firewall feature set.  I just finished testing the 
60R and very impressed with what they've got.  The price point is also very 
good.

Since I run an incident response team, logging is real important to us and 
this box has excellent log outputs as well...as Ron pointed out definitely 
go check their web site out or see if you can get a demo box to kick the 
tires.

Jerry 


---------------------------------------------------------------------------
Network with over 10,000 of the brightest minds in information security
at the largest, most highly-anticipated industry event of the year.
Don't miss RSA Conference 2004! Choose from over 200 class sessions and
see demos from more than 250 industry vendors. If your job touches
security, you need to be here. Learn more or register at
http://www.securityfocus.com/sponsor/RSA_focus-ids_031023 
and use priority code SF4.
---------------------------------------------------------------------------