RE: IDS recommendations

From: Andrew Plato (aplato@anitian.com)
Date: 12/01/01


Subject: RE: IDS recommendations
Date: Fri, 30 Nov 2001 15:00:52 -0800
Message-ID: <F00526CF62C7254395D46BA3200CB1E2065BAB@panther.anitian.com>
From: "Andrew Plato" <aplato@anitian.com>
To: "Dr SuSE" <drsuse@lizard.drsuse.org>, <Nate.Duzenberry@mortgage.wellsFargo.COM>, <focus-ids@securityfocus.com>

That is a good point, Dr. Suse, and one that routinely infuriates me
about ISS. Yes, they are the market leader, but that doesn't make them
the best technology. I think it is pretty lame when companies do that as
well.

However, in ISS's defense, I think some of the technology is quite good
and is very competitive with Snort. Again, I have a strong bias here, but
buying Network ICE was one of the smartest things ISS has ever done.
Network ICE's technology has always been superior in many ways to
RealSecure. That is probably why RS will basically become BI in the
upcoming releases.

One of the problems with BI is its stigma as a "personal firewall" which
has made it languish in the depressing world of SOHO software where
pseudo-security experts rant about BI's inability to block their kids
from viewing pr0n or having ICQ chats with some weird-o in Bulgaria.
Telling them that BI was never designed to block pr0n does no good since
these people want 24th century technology at 18th century prices.

I say before you wipe out RS, try BI *and* Snort. I think you'll find
they are both very good and will tend to spot the same exact things.
Snort being free is obviously a big plus in its favor. But, BI has a very
nice central console (ICEcap 3.0 is a BILLION times better than 2.5).

And don't waste time with the BI Defender. Get the real thing - BI Agent
or Sentry.

Good luck!
Andrew Plato

> -----Original Message-----
> From: Dr SuSE [mailto:drsuse@lizard.drsuse.org]
> Sent: Friday, November 30, 2001 2:47 PM
> To: Nate.Duzenberry@mortgage.wellsFargo.COM; Andrew Plato;
> focus-ids@securityfocus.com
> Subject: RE: IDS recommendations
>
>
> Not long ago, Enron was the market leader in their business sector
> also. Just because you're the market leader in something doesn't mean
> you're the best. I heard Enron was ISS' biggest customer so perhaps
> after Enron falls ISS will no longer be the market leader. I'm sure
> there are more Snort machines out there than there are ISS boxes
> anyway.
>
> We have replaced our Dragon sensors with Snort and our parent company
> is talking about replacing ISS with Snort. Soon there will be a few
> less ISS servers in the world.
>
> If someone ever tried to sell me a product and all they could tell me
> was that they are the market leader I would slap em with a hot mop and
> show them the door.
>
>