Re: IDS Players?

From: Martin Roesch (roesch@sourcefire.com)
Date: 06/19/02


Date: Tue, 18 Jun 2002 21:22:49 -0400
From: Martin Roesch <roesch@sourcefire.com>
To: "Tom D'Aquino" <tom_daquino@yahoo.com>, Bill Mote <bill.mote@mem.com>, <focus-ids@securityfocus.com>

A few notes here.

1) PureSecure is not free in commercial environments and is not Open Source
software by any means (read the license).

2) For "enterprise grade" Snort appliances, my company (Sourcefire) has
appliances with a higher price point but lots more features/functionality
(all of which is proprietary wrapped around the open source core) than
anyone else I've seen in the "snort box" market. My opinion, of course.

As far as signature based and host based IDS, they're apples to oranges.
One is a methodology of detection and the other is a system type. You can
have signature based host-based IDS, for example. Network and host IDSes
have their places in the network security hierarchy; I personally prefer the
manageability and coverage that you can get with NIDS, but there are
definitely places where HIDS has its place (on critical servers or at the
end of encrypted links, for example).

The thread that Mr. Shipley referenced a couple messages back will give you
more complete information than I will at this point...

     -Marty

On 6/18/02 1:54 PM, "Tom D'Aquino" <tom_daquino@yahoo.com> wrote:

> I've worked with ISS RealSecure and Cisco's Secure IDS at a Managed
> Security Services Provider and I use Snort/PureSecure for my home network.
> I have found that (imo) the Snort/PureSecure combo has been more
> enjoyable to work with and is much more cost effective. PureSecure
> incorporates NIDS monitoring with System Integrity Verification (helpful
> for host based monitoring) and Network Service Monitoring (just to let you
> know when a server is down).
>
> You can check out PureSecure at:
> http://www.demarc.com
>
> Also, Silicon Defense makes an appliance (based on Snort and SnortSnarf)
> that is reasonably priced.
> Check out Silicon Defense at:
> http://www.silicondefense.com/

-- 
Martin Roesch - Founder/CTO Sourcefire Inc. - (410) 290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch@sourcefire.com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org


