I use snort with ACID. It's not in a GIG environment, however. The biggest issue I have with (N)IDSs is the timeliness of the signature updates. In that regard, snort beats all the commercial (N)IDSs hands down. When a new exploit is discovered, a signature for that exploit can be found within a day. Many commercial (N)IDSs only update on a quarterly basis, at least the last time I checked. I don't know about you, but I don't feel comfortable allowing someone to try and break in for 3 months before I know it's happening.

> -----Original Message-----
> From: Thad Horak [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 28, 2002 5:00 PM
> To: [EMAIL PROTECTED]
> Subject: IDS Opinions/Experiences
>
> Hi all,
>
> I have a two part question.
>
> First, I am researching different IDS's on the market.
> The set of potential products is pretty narrow as the network
> that they will be deployed on is GIG. So far I've read
> up on Dragon, SecureNet GIG, & ISS. Are there any
> other NIDS that perform well at near GIG speeds that
> anyone would recommend? Any experiences, good or bad,
> with the above that you wish to share?
>
> The second question is if anyone is actively using
> StealthWatch. I've been reading their whitepapers on
> the "Flow-based" ID and it seems interesting. It
> claims to be neither Signature nor Anomaly based. I'm
> curious how it works in the real world.
>
> Thanks in advance.
>
> Thad
