Dragon Vs. Sourcefire NIDS

crayola_at_optonline.net
Date: 06/11/04

    Date: Fri, 11 Jun 2004 14:50:00 -0400
    To: focus-ids@securityfocus.com
    
    

    I have narrowed down my IDS choices to one of these
    two after an exhaustive search of all the major IDS players (9 in total).

    I am really on the fence between them both and I am looking for some
    insight from people who have these products in their companies.
    I am totally ignoring the cost at this point of each product since I need
    the best technical solution (not the cheapest).

    Why do you love/hate your Sourcefire or Dragon IDS at your company?

    Thanks,
    Mike

    ------------------------------------------------------------------------------------
    In my personal opinion their strengths and weaknesses are as follows.

    Dragon's strengths: Excellent GUI, very powerful (tons of configuration options),
    supposedly the best detection engine out there, ability to incorporate syslog, firewall logs, etc. into the console via a HIDS running on a syslog server, decent reporting - especially for execs.

    Dragon Weaknesses: No scheduled reporting, can be very complex to configure.

    Sourcefire Strengths: Builds on open source Snort, which has an excellent rep and gets signatures from the open source community, scheduled reporting, excellent reporting, pretty easy to configure, ability to incorporate network reconnaissance info into the console via RNA to provide relevance to IDS events.

    Sourcefire weaknesses: GUI is good but not as good as Dragon's, not as configurable as Dragon.

    ---------------------------------------------------------------------------
