Re: IDS Players?

From: Talisker (talisker@networkintrusion.co.uk)
Date: 06/15/02


From: "Talisker" <talisker@networkintrusion.co.uk>
To: "Bill Mote" <bill.mote@mem.com>, <focus-ids@securityfocus.com>
Date: Sat, 15 Jun 2002 18:02:01 +0100

Bill,
You mention "top 3 in each type". I'd recommend you look at many different
IDS in each type. I know this is a lot of work, but you will be able to rule
out many products without actually trying them. I've seen many products
that are high in the "market leaders" league table for many reasons, from
"good marketing" to "they were a good product but they sat back on their
laurels too long". That's not to say they are still good products or that
they are best suited to your network. I've had to turn off market-leading
products because they were just too noisy for a diverse network such as
mine, but on a smaller LAN they were great.

As to your enquiry about deploying hybrid vs host, I would be very surprised
if anyone on the list made such a recommendation about which would suit you
best without first having an understanding of your topology or the
resources available to you to manage the various tiers of IDS.

In my experience the network IDS produces more bang per buck compared to
the host IDS; also, the host IDS can be a nightmare to tune. But if you
require defence in depth you will need both. There is often a policy-driven
requirement to check your event/sys logs; a host IDS will greatly reduce the
resultant pain and suffering. A hybrid IDS combines a host and network IDS,
though there aren't too many of them at present and they aren't that cheap.
Also, do you put them on every host or concentrate on servers? If it's every
host, will there be data quantity problems or bandwidth constraints? What
I'm trying to say is that it's not that straightforward; there are loads of
factors to consider. My advice, for what it's worth, is to try a few
products, not just the top 3, make the vendors squirm, and get a feel for
what your network needs, and ensure you have sufficient resources to manage
your investment.

good luck
-andy
http://www.networkintrusion.co.uk
Talisker's Network Security Tools
----- Original Message -----
From: "Bill Mote" <bill.mote@mem.com>
To: <focus-ids@securityfocus.com>
Sent: Monday, June 17, 2002 9:40 PM
Subject: IDS Players?

> Hi! I'm new to the list and new to IDS as well. I'm looking to implement
> an IDS solution but have no idea who the real players are in this market.
> I've seen more than 250 providers of IDS solutions. I only want to look at
> the top 1 to 3 in each type. Any ideas?
>
> I've read about signature-based IDS and host-based IDS. I've even read some
> material about the hybrid systems which incorporate features from signature
> and host-based IDSs. In your opinion, which one is better? Why?
>
> Thanks for your help!
>
> Bill
