IDS mailing list archives

RE: IDS Opinions


From: "Harper, Patrick" <patrick.harper () phns com>
Date: Tue, 1 Jun 2004 07:50:04 -0500

The Sourcefire solution is really good in my opinion, very fast, easy to
manage, and very fast signature updates (also you can just write your
own with the industry standard "thank you Marty" language).  Snort is
also very good but if you are going to be deploying a lot of sensors the
management console from Sourcefire is really nice and you can alter and
push rulesets and make changes from a central interface with the
Sourcefire manager.  

Manhunt is pretty nice too, the last time I played with it was 2.2, the
only thing I did not like was what you had to go through to enter
standard rules and how it slowed down the detection.  Anomaly based
detection is OK, but I personally have some standard rules that I like
to use, especially when new threats come out.  When you do this on
Manhunt (as of the last version I used, I may be corrected here by
someone using current versions) it slowed it down a lot.

I have not used Dragon in a while so I can't really say anything about
it, although it worked pretty well from what I remember.

-----Original Message-----
From: crayola () optonline net [mailto:crayola () optonline net] 
Sent: Friday, May 28, 2004 2:23 PM
To: focus-ids () securityfocus com
Subject: IDS Opinions

Folks, 

I am currently in the middle of an RFP process to buy a new network IDS
system for my company. I have narrowed it down to 

Sourcefire's, Dragon (Enterasys), and Symantec's manhunt. 

I would love to hear your opinions about these products if you use or
have used them. Anything you can share would be great. I am really
looking for some nonsales type opinions about how they work in the real
world. 

Thanks,
Mike

