Re: Checkpoint SmartDefense & interspect vs ISS Realsecure vs Snort

From: Rob Hughes (rob_at_robhughes.com)
Date: 08/12/04


Date: Thu, 12 Aug 2004 15:47:28 -0500

jeff is alleged to have said in comp.security.firewalls:

> Hey everyone,
>
> I am doing some research on IDS for my company. I don't see too much info
> about Smartdefense and Interspect on the net. Can someone post their
> experience or test results?
>
> Here are some questions I have:
> *Do ISS and Snort cover a much wider range of attacks than CP products?

Yes, but in different ways. For example, Snort doesn't pick up on certain
invalid/out of state TCP packets the way SD does. I use both in combination
to get a more complete picture of network traffic. Also, if you're looking
at SD, you should look at Interspect as well. It's a hybrid IDS/IPS based
on SD, but with some extra goodies.
 
> *Speed - Which of these products works well in a high-traffic environment?

I've pumped several hundred MBit/p/sec through a lowish-end SPLAT based
firewall (P3 800/512 meg ram) with all SD features turned on.
 
> *Accuracy? - which one is more accurate?

See my first answer. They're different products with different focuses. It's
like asking which is more purple, an orange or a peach?
 
> * How reliable are these solutions?

I find Snort and SD both to be very reliable. I haven't messed with ISS, so
color my answers appropriately.
 

-- 
Recursion: n. See Recursion.

