Re: "Free" IDS
From: Brandon Gillespie (gillespie@iomega.com)
Date: 09/17/02
- Previous message: Chris Peden: "Win32 HIDS"
- In reply to: Andrew Plato: ""Free" IDS"
- Next in thread: David Ellis: "RE: "Free" IDS"
Date: Tue, 17 Sep 2002 08:27:01 -0600
From: Brandon Gillespie <gillespie@iomega.com>
To: focus-ids@securityfocus.com
Andrew Plato wrote:
>>Snort = Free
>>Prelude = Free
>>NFR = $$$$$
>>Real Secure = $$$$$
>>Cisco Secure = $$$$$
>>Dragon = $$$$$$$$$
>
>
> Running Snort in an enterprise is hardly "free". Snort has to be run on system(s) and that costs money (even if it's a junker sitting around, it still has value.) Moreover, if your company is paying somebody to install, manage, and maintain a Snort box, that's a cost. And it could be argued that Snort boxes have a considerably higher administration hit since there is no standard rule set and enterprise-wide deployment is very difficult. Then there is the training of the people using that tool. That usually means attending a SANS course - that's $4500 a pop when you add in hotel, flights, rental car, and mini-bar costs (unless you're lucky and have a SANS course come to your town).
>
> Granted, any commercial IDS is probably going to cost a bit more over an open source product, but you also get economies of scale. For example, most commercial IDS products have inexpensive training seminars or even web-based seminars that can help teach users. This gets you a massive economy of scale on training. Support costs (and times) can be cut down since there is a centralized support mechanism for these products.
>
> It's easy to analyze cost in a techno-vacuum. But any serious analysis of the cost of ANY technology and especially IDS must consider the related expenses of management, maintenance, training, and support.
>
While I agree on the 'not really free' aspect, frankly the overhead
costs are in reality (and in my experience) roughly equal across
different vendors, including open source. The way I've banked
open-source vs commercial to upper management is that we save on the
_purchase_ price, but what we'd normally dump into maintenance goes into
paying our own people to do upkeep and management, so we don't save
maintenance costs. As for training etc, that washes out in my
experience. You also have to have a higher grade (thus higher salary)
of administrator if you are going to have open source, because they have
to be technically savvy enough to be able to dig into the source code at
times. The Microsoft way of boiler-plate training admins does NOT work
for open source, at all. Knowing which buttons to push works great when
they give you nice buttons, and you have a simple turn-key ignition.
Open source expects you to hot-wire the system just to get it running :)
-Brandon Gillespie
(We use a mix of open-source and commercial products. We did drop NFR a
year or so back for snort and I don't resent the decision one bit)
--
Senior Systems Administrator
Iomega Corporation
gillespie@iomega.com