Eric/James,

The other side of this is also obtaining a centralized console or management platform that can manage all of the layered devices. When I couldn't find a product to do what I needed to manage the devices, I decided to write a console that would work with the products that I was using at the time (Snort, Intruvert, Pix, Checkpoint, IPTables, Linux, Windows workstations, etc). The key in making the data useful is finding a way to integrate all of the data into a display that makes sense for the environment. In many cases off-the-shelf products can't meet the individual preferences of the individuals monitoring your security environment. I can't count the number of times I have had to roll my own console to manage a particular environment.

Kevin Wetzel
ISP Toolz Lead Developer
http://www.isptoolz.com/

> Hi James,
>
> You bring up a good point. Yes, there are no up-front costs with Snort,
> rather, cost in managing the people you would need to hire to manage the
> large numbers of sensors, train them on the signature syntax, and
> numerous other things.
>
> However, with organizations that don't have the budget for the more
> expensive, COTS (Commercial off-the-shelf) IDS/IPS solutions, Snort
> SHOULD be a viable and less cost-prohibitive alternative to them.
>
> Solutions, such as ours, the Applied Watch Command Center, give
> organizations who want to use Snort as an alternative, the enterprise
> GUI and Snort ruleset management capability they expect from those more
> expensive solutions. We offer a face-lift to the popular open source
> projects, such as Nessus, Snort, Snort-Inline, LaBrea Tarpit, ClamAV,
> and more.
>
> I'm seeing a fundamental shift happening within the Enterprise of
> commercial security solutions either being abandoned or even augmented
> by open source software, such as Snort.
>
> I'm sure you're familiar with the SANS "Defense in Depth" approach to
> security -- multiple layers. Organizations are practicing this. We see
> companies and federal/military with ISS, Enterasys, TopLayer, and
> others, but also add Snort to the mix. Where one lacks, the other doesn't.
>
> This is a REALLY good topic you brought up. So yes, you are correct,
> there is this perception that if an organization uses Snort, the
> up-front costs are $0 but the manpower is where the money would be
> spent. As products like the Applied Watch Command Center surface, this
> will be less of an issue, making open source finally an enterprise-grade
> option.
>
> Best Regards,
>
> Eric Hines, GCIA, CISSP
> CEO, President
> Applied Watch Technologies, LLC
> 1095 Pingree Road
> Suite 213
> Crystal Lake, IL 60014
> Toll Free: (877) 262-7593 ext:327
> Direct: (847) 854-2725 ext:327
> Fax: (847) 854-5106
> Web: http://www.appliedwatch.com
> Email: [EMAIL PROTECTED]
>
> "Enterprise Open Source Security Management"
>
> James Harless wrote:
>> I see a lot of discussion on this list to be about larger, more
>> established IDS/IPS solutions. I'm just wondering if anyone has
>> experience with smaller commercial IDS devices like the Symantec 7100
>> series? If so, what did you think? What were you comparing it to?
>>
>> Many of my clients are too small to afford the more expensive IDS
>> offerings. And, the perception can be (correct or not is irrelevant)
>> that SNORT simply shifts the up-front costs to the management phase.
>> I guess, if you feel this is incorrect, I'd be interested in your
>> thoughts on this, too.
>>
>> James Harless

Kevin Wetzel
ISP Toolz Consulting
http://www.isptoolz.com/
Phone: (202)558-4061
Fax: (202)478-0781

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
