Re: IDS Implementation
From: hans m41 (mayer41_at_m05.yer.at)
Date: Sat, 8 Oct 2005 09:49:27 +0000 (UTC)
In article <email@example.com>,
>I have been asked by my company to research different IDS solutions,
i have years of experience with iss from realsecure
imho it's not manageable - the resources for managing it are too high
iss is more an ids than an ips.
i also played around with snort. snort gives more flexibility
in writing your own rules, but is less manageable than iss.
there are a lot of false positives.
it took several weeks to reduce the amount of events
to a reasonable number of entries. and i have only 12 c-classes
i have also heard of mcafee's ips, but never worked with it.
mcafee has its own hardware box and can communicate with checkpoint.
as i heard, mcafee's ips should be fine and administrative costs
should be small. but somebody else could give his experience
with mcafee. my next try would be mcafee.
in my experience, all ids/ips are still at the beginning, even if
they are several years old.