Native.Code wrote:
> Dear all,
>
> Thanks for valuable input. It was very much appreciated. I kind of get the
> impression that Snort is very stable product but it needs a lot of effort
> configuring, monitoring and customizing.

This is very true. And, I suspect, it is true of any IDS. If you have any kind of sizable network, no IDS can be pre-packaged that will work perfectly for your network. They are all going to need "a lot of effort configuring, monitoring and customizing" if you are going to do it correctly. I don't see how it could be any other way, because they don't know your network.

> We will definitely give it a try. I
> assume I did not mention, we will be using Windows binary. Is this as stable
> as Linux version?

I doubt it would be as stable. Do you have a reason for using a Windows binary?

>
> Some of you mentioned that many commercial productions are based on Snort.
> Can anyone name another product besides those from Sourcefire?

If you are looking for something outside of Sourcefire, I would consider Sentarus from demarc.com. I was really happy with their PureSecure product before they discontinued it. But when they told us it would be 10X the price to upgrade to Sentarus, we started looking elsewhere and ended up with the Sourcefire products, with mixed results. (Their RNA software is not even close to what it's cracked up to be.) But now that Sourcefire has pretty much locked up the signature database, demarc.com has drastically reduced their pricing on their Sentarus product. Kind of underhanded on Sourcefire's part, in my opinion. But business is business, I guess. I just thought Marty was above that.

--
Mark

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
