Security Basics mailing list archives

Re: Cisco vs. Snort

From: Nicholas Diotte <xphox () xphox net>
Date: 4 Sep 2003 13:20:27 -0000

In-Reply-To: <002701c371f2$d327c890$041410ac@nessus>

Jude,

I have a reasonable budget, not an unlimited supply.  For the price ISS 
quoted me, I can impliment Cisco, NetMon, and Snort!  However I'm currious 
as to why you would choose ISS over other products.  Have you had the 
chance to compair IDS vendors?  Maybe that question can be thrown out to 
the list.  

Does anyone have any reports compairing different IDSes?

I'm finding it very hard to create a presentation, as I don't have 
anything to compair besides what is available on vendor's websites.  And 
we all most of that information was created by some marketting firm, who 
knows nothing about real world issues.

Thanks,

IF you have the budget for an IDS, why don't you go with a well used,
supported and trusted brand, like ISS RealSecure running on a Nokia
appliance ?

Jude

----- Original Message ----- 
From: "Nicholas Diotte" <xphox () xphox net>
To: <security-basics () securityfocus com>
Sent: Tuesday, September 02, 2003 5:18 PM
Subject: Cisco vs. Snort

Good day,

Recently I've been asked to impliment an IDS system within our corporate
network.  I've been given a more then reasonable budget, so I'm not
looking for a cheap/freebie solution.  What if any are the advantages of
going Cisco vs. building a Snort system.

What I'm thinking is Snort would be much more of a headake as you need to
write/obtain rules, whereas Cisco that is not the case.

Has anyone had a chance to examin the two devices, and any pointers before
I proceed with such an order?  Most of our products on our network are
Cisco based, including all FW, routers, and soon switches.

Reason why I'm asking is that I've been asked to do a presentation for our
Board of Directors, and as you can see the person in charge before me,
implimented nothing but Cisco products.

Thanks,
Nick


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

Current thread:

RE: Cisco vs. Snort, (continued)
- RE: Cisco vs. Snort David stout (Sep 03)
- Re: Cisco vs. Snort Jude Naidoo (Sep 03)
- Re: Cisco vs. Snort Stefan Marx (Sep 04)
- Re: Cisco vs. Snort Stefan Marx (Sep 04)
- RE: Cisco vs. Snort Ethan (Sep 04)
- Re: Cisco vs. Snort Jorge Claudio (Sep 04)
- Re: Cisco vs. Snort Sebastian Schneider (Sep 10)
- RE: Cisco vs. Snort McGill, Lachlan (Sep 03)
  - RE: Cisco vs. Snort William Bradd (Sep 04)
- RE: Cisco vs. Snort Brian Austin (Sep 04)
- Re: Cisco vs. Snort Nicholas Diotte (Sep 04)