RE: Signature Counts between IDS's

From: Chris Calvert (ccalvert@securedaemon.net)
Date: 09/13/02


From: Chris Calvert <ccalvert@securedaemon.net>
To: focus-ids@securityfocus.com
Date: 13 Sep 2002 15:14:32 -0600

Such as Aprimsa Security Manager?

Prelude apparently works with Snort sensors in addition to Prelude
sensors, which may not approach the scale/functionality suggested by the
inclusion of the commercial products in the list below.

All the best IDSs in the world will do little good, even whentuned
according to their strengths, efficiently handling the data thrown at
them, and keeping up with true line speed. The effective management of
the information they produce is key.

That re-raises a question similar to ones seen before on this list:
What information managers would the community recommend without the
price tag of something like Aprimsa?

Regards,

Chris

On Wed, 2002-09-11 at 23:55, Kohlenberg, Toby wrote:
> You forgot the cost of a console that can correctly translate
> all the different event names from each product you run. But even
> with that cost, it is still the right way to do things.
>
> :)
>
> All opinions are my own and in no way reflect the views of my employer
>
> toby
>
> > -----Original Message-----
> > From: Paris E. Stone [mailto:paris@archerintegration.com]
> > Sent: Wednesday, September 11, 2002 9:06 PM
> > To: Raffael Marty; focus-ids@securityfocus.com
> > Subject: RE: Signature Counts between IDS's
> >
> >
> > Snort = Free
> > Prelude = Free
> > NFR = $$$$$
> > Real Secure = $$$$$
> > Cisco Secure = $$$$$
> > Dragon = $$$$$$$$$