Intrusion Detection Systems mailing list archives

Re: IDS Comparison


From: bnairn () telenisus com (Bryan Nairn)
Date: Fri, 03 Mar 2000 12:12:29 -0600



Sirine,

Here are a few thoughts I have on NetRanger and RealSecure.

NetRanger is highly configurable.  More so than RealSecure.  Each has a number
of configurability options, but I've found Cisco's product to be more robust.
NetRanger can handle a high level of network throughput.  I've seen NetRanger
Sensors operate smoothly in a 100Mbps environment.  ISS will admit to you that
once you go over 30Mbps the device has trouble keeping up, and that the upper
threshold is around 65Mbps.

How do you feel about cost?  NetRanger sells their sensor as an appliance and
is quite expensive.  RealSecure is sold as software.  You'll need to come up
with your own hardware.  Make sure the hardware is scalable and beefy, as I've
noticed the RealSecure console to be a bit of a resource hog.  Also consider
that NetRanger, to my current knowledge, is completely Unix based.  Sun x86 on
the sensors and Sun Sparc on the director.  ISS is more versatile here.  The
console must be run on an NT platform, but the sensor can be run on a number of
architectures.

Here is the biggest disparity between Cisco and ISS.  Cisco's reporting is
terrible.  ISS reporting is fairly robust.  In a Cisco Secure IDS environment
it's best to run an Oracle back end and push all your log files to it.  Cisco
has developed some of the schema for this, but it's pretty weak.  Another bet
is adding on NetForensics from NetCom to the Oracle back end.  This fills out
the reporting deficiencies of a Cisco Secure IDS solution, but at a serious
price differential.  ISS has tons of reporting built into the product.  You can
run canned reports and output them into a number of different file formats.

This is just a quick overview.  There are many points I'm sure I'm leaving out,
but wanted to present a couple to you.  If you have more questions, just ask.
In a nutshell, Cisco offers performance and functionality over reporting and at
a high cost.  ISS offers reporting over performance for less money.  It truly
depends on the environment you're dealing with.  Demo both, if you haven't
already, and see what you think.

Bryan Nairn

Sirine tlili wrote:


Our company would like to purchase an intrusion detection system.
We don't know which one to choose: Netranger or ISS Real Secure.
Can somebody help us to make a comparison between these two products?

Thanks.
Sirine Tlili


