Intrusion Detection Systems mailing list archives

Re: HIDS vs. NIDS market stats?


From: Greg Shipley <gshipley () neohapsis com>
Date: Thu, 24 May 2001 02:56:46 -0500 (CDT)


On Wed, 23 May 2001, Talisker wrote:

> The problem as I see it is that a single NIDS will cover 100's of hosts
> whereas generally every host or at least all the servers need to have
> individual HIDS agents.  Therefore a purely numeric comparison wouldn't be
> accurate

*snip*

> Please don't feel insulted by the above analogy,  I realise you know your
> way around the differing IDS categories far better than I.


Nah - I've just wasted, I mean, er, spent more time with them.  :)


> Greg I realise now that this hasn't helped you in the slightest with your
> quest, but felt the urge to respond, though I think you are probably correct
> in suspecting there are more NIDS than HIDS.

Actually, no, you have helped - that's a very valid point.  Perhaps a
better stat (but one that I have no hope of obtaining) would be which type
covers/watches over the most # of hosts.  And on that front, yeah, NIDS
would undoubtably be larger.  How much larger - ergh, no idea.

The reason I ask is that Patrick and I are in the final stretch of our
review for NWC, and I'm trying to figure out how much weight to give NIDS
solutions that don't have HIDS counterparts.  They are two different
approaches, but the combined coverage IMHO is quite relevant.  The problem
comes in when you try to compare something like RealSecure (which has both
NIDS and HIDS components) to something like Cisco's Secure IDS (I still
have problems not saying NetRanger) which DOESN'T have an integrated host
component.  On one level you are evaluating apples to apples (i.e. Dragon
vs. SecureNetPro), and on another you are reviewing SOLUTIONS (i.e. Cisco
vs. ISS).  But I digress....

Not like the review is going to hinge on this, but we've got to somehow
address this issue fairly.  I'm still glad I'm not covering the PKI beat
anymore *puke* but man, this IDS coverage is a killer.  :)

Thanks for the ideas,

-Greg


P.S. I'm not sure if we have mackerel native in the US, but it certainly
is at all of the sushi restaurants I go to.  :)

