Intrusion Detection Systems mailing list archives
RE: IDS Comparison
From: broyds () Home com (Bill Royds)
Date: Mon, 6 Mar 2000 08:19:38 -0500
As someone who is evaluating IDS (and trying to persuade management that an IDS is not a magic bullet), this debate is wonderful. There have been more points to consider than I have had in months reading articles and reviews.

The real problem in IDS is fitting it into one's network/system architecture. No IDS can monitor an OC3 at full speed and properly assess traffic. There has to be a sound network design to allow your sensors to be at appropriate points. There have to be rule sets and signatures that reflect the corporate security policy and needs. There have to be intelligent administrators to analyse the results, whether in pretty reports or flat logs.

I am leaning towards NFR and Dragon because they are more flexible, but I get pressure to install RealSecure because of "what happens if you leave?" questions. IDS is similar to firewalls in that it is not what they do that counts in selling as much as whose ass gets covered. Since FW-1 is the best-selling firewall, using it is "best practice", so one doesn't really have to analyse corporate needs. Similarly RealSecure falls into the same spot, "If I use it, then no one will blame me if we got hacked". That is not security but it is reality and until someone gets sued for negligence for not having a defragging IDS, it will still be reality.

-----Original Message-----
From: owner-ids () uow edu au [mailto:owner-ids () uow edu au] On Behalf Of Ron Gula
Sent: Sunday, March 05, 2000 20:33
To: John S Flowers
Cc: ids () uow edu au
Subject: Re: IDS: IDS Comparison

<snip>

All in all, I hope that any lurkers on this list who have questions won't be intimidated that the respective CTOs and Chief Scientists from a variety of strong network security companies are sparring it out here. If you have questions, let them fly. I'd also like to give a shout out to all of those new companies that will be releasing an IDS some time in 2000 or 2001. There is always more than one way to skin a cat.

Ron Gula, CTO Network Security Wizards http://www.securitywizards.com
