Re: Re: Snort versus Cisco IDS [7:62939]

Thu, 13 Feb 2003 09:20:28 -0800 

There are also some very nice prebuilt Snort sensors with a GUI from the
following vendors.

www.sourcefire.com
www.silicondefense.com
www.packetalarm.com


I have had the opportunity to evaluate and configure products from all
three, and they have done an excellent job of bringing Snort to the masses.
Basically, the sensors have a hardened OS (Linux or Solaris) with a creamy
GUI wrapped around it....and of course, Snort in all its glory.  And, no, I
don't get a commission from any of the above...


HTH,

Charles


""Craig Columbus""  wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Having installed and worked with both products, I think that Cisco's
> offering is more comprehensive, but Snort is highly reliable and much
> cheaper.
> It doesn't have some of the features of the Cisco product (dynamic
> shunning), but for most small to medium sized businesses (like the kind I
> work with daily), Snort is more than sufficient given the cost.
> On average, I can install a Snort sensor on dedicated hardware and FreeBSD
> for approximately $1000.  A single Cisco 4210 sensor install costs me
about
> $5600.  If I need to scale to Gbit capability, I can install a Snort
sensor
> for approx. $5000, compared to $18K for a Cisco 4250.
>
> In summary, they're both decent products.  If you need a comprehensive
> system for large enterprise, then Cisco certainly has the edge over
> Snort...at least until you start talking about hardware-based, customized
> snort like that from Silicon Defense.  If you just need a solid IDS for
> small business and don't want to spend a ton of cash, then Snort is a
great
> alternative and is usually my first recommendation.
>
>
> At 05:06 AM 2/13/2003 +0000, you wrote:
> >Someone told me in an authoritative voice today that Cisco doesn't
recommend
> >their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a
> >big part of SAFE?
> >
> >Of course, the person who said this doesn't understand that Cisco is a
huge,
> >chaotic organism, and that saying Cisco does something based on what one
> >person does, doesn't make sense.
> >
> >But I'm just curious, what do you all recommend for intrusion detection?
How
> >do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more
> >complicated, requiring appliances or IDS cards in a switch and a console:
> >
> >Cisco Secure IDS DirectorHP OpenView Network Node Manager "plug-in" that
> >runs on UNIX (Solaris and HP-UX)
> >
> >Cisco Secure Policy Manager (v2.2+)Windows NT-based package
> >
> >Thanks.
> >
> >Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62971&t=62939
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to