RE: distributed IDS/sensor network

[Javier Becerra <JBecerra () newnetsa com>]

Hi, I recommend you to evaluate IBM-ISS Proventia IPS instead of IBM-ISS IDS. Several SOC today prefer IPS rather tan 
IDS.

Javier Becerra Garavito
Senior Security Consultant
NewNet S.A.
Tel. (57) 4173400 Ext. 1221
Fax: 57) 4173400 Ext. 136
Móvil: (57) 3105757390
Av. Calle 17 Nº 60-72


-----Mensaje original-----
De: listbounce () securityfocus com [mailto:listbounce () securityfocus com] En nombre de Ganbold
Enviado el: Miércoles, 11 de Marzo de 2009 11:02 p.m.
Para: Ihor Kravchuk
CC: security-basics () securityfocus com
Asunto: Re: distributed IDS/sensor network

Ihor Kravchuk wrote:
> Hi!
>
> Take a look of IBM ISS Site Protector + IBM ISS IDS Network Sensors
> (up to 1Gb speed) .
> This solution includes event monitoring console, visualization,
> ticketing system and all staff that usually included in enterprise
> level solutions.
>
> The second one is Juniper IDP devices + management server.
> The third one - Cisco IDSM
> The forth one Lancope
>
> sure thing it is not a complete list.

Do you know estimated or average cost of such solution (for small and
medium enterprise)
with 20 nodes for example?

thanks,

Ganbold

> Ihor Kravchuk
>
>
>
> 2009/3/11 Ganbold <ganbold () micom mng net>:
>
> > Hi,
> >
> > My friend is doing small research on the design and
> > implementation of the distributed IDS/sensor network and security
> > operation center. The requirements include but not limited to:
> >
> > *Distributed IDS sensor network (maybe with 20 IDS, honeynet/honeypot)
> > *Real-time monitoring of threats, incidents and attacks (large LCD
> > displays etc)
> > *Watch and warning system (hardware and software)
> > *Security alerting system (hardware and software)
> > *Incident report and response system (web etc)
> >
> > In my opinion some existing open source software solutions like snort
> > might work for IDS for the first time. Or it could be either
> > commercial systems.
> > So here I have a few questions:
> >
> > 1. Can somebody give me some pointers to existing well known
> > distributed IDS/sensor networks and technologies (software/hardware
> > names) that they use?
> > 2. Are there any known real-time monitoring systems around?
> > 3. Are there any well known projects which implements
> > distributed IDS/sensor networks, and real-time monitoring systems?
> >
> > If somebody can give me some names I can further search and
> > find what they are and what technologies they use.
> > I appreciate if somebody can give me some pointers in this regard.
> >
> > thanks in advance,
> >
> > Ganbold
> >
> > --
> > A Smith & Wesson beats four aces.


--
try again

"Este mensaje es confidencial, puede contener información privilegiada y no puede ser usado ni divulgado por personas 
distintas de su destinatario. Si obtiene esta transmisión por error, por favor destruya su contenido y avise al 
remitente. Está prohibida su retención, grabación, utilización o divulgación con cualquier propósito.

Este mensaje ha sido sometido a programas antivirus. No obstante, NewNet S.A. no asume ninguna responsabilidad por 
eventuales daños generados por el recibo y uso de este material, siendo responsabilidad del destinatario verificar con 
sus propios medios la existencia de virus u otros defectos.


--------------------------------------------------------------------------------

This message is confidential and may contain privileged information, it may not be used or disclosed by any person 
other than the individual to whom it is addressed. If obtained in error, please destroy the information received and 
contact the sender. Its retention, recording, use or distribution with any intention are prohibited.


This message has been tested by antivirus software. Nonetheless, NewNet S.A. assumes no responsibility for damages 
caused by the receipt or use of the material, given that it is the responsibility of the addressee to verify by his own 
means the presence of a virus or any other harmful defect."