RE: IDS vs. IPS deployment feedback

> -----Original Message-----
> From: Richard Bejtlich [mailto:taosecurity@gmail.com]
> Sent: Monday, April 10, 2006 4:31 PM
> To: Andrew Plato
> Cc: focus-ids@securityfocus.com
> Subject: Re: IDS vs. IPS deployment feedback
>
> On 4/10/06, Andrew Plato <andrew.plato@anitian.com> wrote:
> > Yes...SOURCEFIRE customers get those signatures early. They get handed
> > out to the Snort world well after the fact. SourceFire is a commercial
> > company and you must PAY to get their product.
> >
> > In other words - Sourcefire is no different than TP, ISS or any other
> > commercial vendor in this regard. As such, we're all just selling what
> > we know.
>
> Andrew,
>
> You call five days "well after the fact"?  Snort rules are free for
> registered users, by the way.
>
> Here's another difference between ISS and Snort -- I can read Snort
> rules, even those developed by Sourcefire.  Can you point me to the
> place where I can download and review ISS rules, even assuming I am a
> registered owner?  Cisco?  Other?
>
> One of the ways to build trust in a product is to see how it works.  I
> trust Snort more than similar products because I can understand its
> decision-making process.
>
> Richard


NFR was doing this 3 years before Snort existed.  (I guess that makes us
"Other")

:)

-MAB


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------