Re: Signature Counts between IDS's

From: Michael Katz (mike@procinct.com)
Date: 09/10/02


Date: Tue, 10 Sep 2002 09:22:41 -0700
To: focus-ids@securityfocus.com
From: Michael Katz <mike@procinct.com>

At 9/10/2002 08:51 AM, SEdwards@toplayer.com wrote:

>Has anyone ever done a comparison between ISS & Snort on signature counts -
>so which product has the most sigs (and how many) - and which sigs match
>which in the two products

While I don't know the answer to your question, if you're looking to
compare the two (and other IDS products), take a look at the Network
Computing article from August 2001 at
http://www.networkcomputing.com/1217/1217f2.html

The report card (http://img.cmpnet.com/nc/1217/graphics/1217f2report_1.pdf)
rates the top 5 network IDS products as follows:

Enterasys Dragon 4.2 B+
Cisco Secure IDS 2.5 B
Snort 1.7 B-
ISS RealSecure 5.5 C+

There is also a comparison of each product based on signatures for nine (9)
attacks at http://img.cmpnet.com/nc/1217/graphics/1217f2_1.pdf

Michael Katz
mike@procinct.com
Procinct Security