RE: Intrushield vs. ISS once more...

I have been asked about those features and what I say is:  
"ISS is fully compatible with Ethereal and TCPDump captured files, you just 
have to turn-on the response for this in the policy (aka LOG EVIDENCE)."  
  
You can also use TRONS, snort's style signatures, or even User Defined 
signatures that uses regex. So you are able to write your own signatures. ;-)  
  
Just to let you all know, before reviewing any IDS/IPS, ask the manufacture 
about the advanced configurations, I can bet that for whoever you ask about, 
they will be glad to assist you as they can.

- nb

Merry Christmas and Happy New Year.
Feliz Navidad y Próspero Año Nuevo.
Feliz Natal e Próspero Ano Novo.

{(!($^O=~/^[M]*$32/i)&&($0=~s!^.*/!!))||($0=~s!.*\\!!)}print$0;

 

-----Original Message-----
From: Murtland, Jerry [mailto:MurtlandJ@Grangeinsurance.com] 
Sent: Monday, December 20, 2004 6:20 PM
To: 'Jacob Winston'; focus-ids@securityfocus.com
Subject: RE: Intrushield vs. ISS once more...


Personally, I reviewed ISS along with Cisco's IDS, NetScreen's and a few 
other's.  Last week I decided on NetScreen because of it's ease of use (just 
like a firewall), and it's compatibility with key software like 
Ethereal/TCPDump.  The amount of information it gives you isn't bad although 
like ISS and a few others, you will get the occasional alert that really just 
doesn't give you enough to go on, so you have to count on other things like 
netscout or a packet sniffing package to do some analysis.

I thought ISS was great also, but I also thought that there were too many steps 
to get things done.  The interface was a little convoluted and you were 
entirely dependant on ISS's X-Force team to write your new signatures. With 
NetScreen's Snort engine, I can write my own signatures.  Not to mention, since 
they were just bought by Juniper, I'm sure their funding for new development 
will surge.  Not trying to sell you on anything, just offering my own opinion 
on what I experienced.

I'm not sold on anyone's technology as far as IPS goes, but I would look for 
the ability to granularly step into that technology when I decided to block 
specific traffic patterns in the future.

Jerry J. Murtland, CISSP



-----Original Message-----
From: Jacob Winston [mailto:jctx09@yahoo.com]
Sent: Friday, December 17, 2004 8:49 PM
To: focus-ids@securityfocus.com
Subject: Intrushield vs. ISS once more...




I have been evaluating Intrushield and ISS but am still unsure on which route 
to take. Does anyone have compelling info on why Intrushield is better or 
vice-versa? Any help is appreciated.



Thank you in advance.

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------