Subject: IDS: Re: Re: IDS Comparision
From: Talisker (Taliskernetworkintrusion.co.uk)
Date: Mon Oct 30 2000 - 16:45:05 CST


Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owneruow.edu.au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
UNSUBSCRIBE: email "unsubscribe ids" to majordomouow.edu.au
-----------------------------------------------------------------------------
Chris

> Usually in technology space, if a commercial product is not in the category
> of the top 3, they are not typically financially successful and do not last
> long independently.
> For example, this is true in the router space.
> Besides Cisco, not too many people outside of very technical crowd can name
> the top 5 routers beyond Cisco. Betting your business on the top 5th
> router could be risky. There is unfortunately a herd mentality, but there's
> some job safety in picking the top products.

Yes, minor companies may find it difficult to survive the marketing power of
others, but as their products aren't necessarily inferior I feel that
purchasers should consider them, seeing whether those products are better
suited to them. There is undoubtedly a risk in doing so, whether it be
update frequency or company strength, but that risk will (hopefully) enter
into their decision.

> Firewalls are another good example. There were 50+ firewall companies like
> 5 years ago. How many are still independent and viable? The firewall space
> quickly consolidated. IDS is doing the same now.

Firewalls - sadly, as I found to my cost, there are still far too many; see my
appliances page :o)

> Picking a good IDS vendor, I believe, is even more important than the
> firewall space. Firewalls, once configured properly, do not need a lot of
> constant software updating and tech support, at least not as much as IDS. IDS
> by its very nature of needing new algorithms of detecting the latest attacks
> will require a vendor to be stable long term and able to stay in business to
> ensure updates. IDS reminds me of the antivirus business model. If your
> antivirus company goes out of business, how long will you stay with that
> antivirus solution before switching to a vendor that is updating their
> solution?

I would hope that a purchaser would look at putting a life expectancy on a
product, whereby in say 2 years he/she re-evaluates the market for a
suitable replacement at the 3 year point. Again, they have to balance risk vs
cost; they may find that the current product is fine.

> So, while picking the top 5th product fits your needs, be careful that the
> company behind it is going to be there for the long term, especially in IDS.

Agree wholeheartedly

Take care
Andy
http://www.networkintrusion.co.uk
Talisker's Network Security Tools List
                    '''
                 (0 0)
  ----oOO----(_)----------
  | The geek shall |
  | Inherit the earth |
  -----------------oOO----
               |__|__|
                  || ||
              ooO Ooo
taliskernetworkintrusion.co.uk

The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.

----- Original Message -----
From: "Klaus, Chris (ISSAtlanta)" <CKlausiss.net>
To: "'Talisker'" <Taliskernetworkintrusion.co.uk>; <idsuow.edu.au>;
<rohanlearhy.el.anl.gov>
Sent: Monday, October 30, 2000 9:59 PM
Subject: RE: Re: IDS Comparision

> Talisker,
>
> Usually in technology space, if a commercial product is not in the category
> of the top 3, they are not typically financially successful and do not last
> long independently. For example, this is true in the router space.
> Besides Cisco, not too many people outside of very technical crowd can name
> the top 5 routers beyond Cisco. Betting your business on the top 5th
> router could be risky. There is unfortunately a herd mentality, but there's
> some job safety in picking the top products.
>
> Firewalls are another good example. There were 50+ firewall companies like
> 5 years ago. How many are still independent and viable? The firewall space
> quickly consolidated. IDS is doing the same now.
>
> Picking a good IDS vendor, I believe, is even more important than the
> firewall space. Firewalls, once configured properly, do not need a lot of
> constant software updating and tech support, at least not as much as IDS. IDS
> by its very nature of needing new algorithms of detecting the latest attacks
> will require a vendor to be stable long term and able to stay in business to
> ensure updates. IDS reminds me of the antivirus business model. If your
> antivirus company goes out of business, how long will you stay with that
> antivirus solution before switching to a vendor that is updating their
> solution?
>
> So, while picking the top 5th product fits your needs, be careful that the
> company behind it is going to be there for the long term, especially in IDS.
>
> > -----Original Message-----
> > From: Talisker [mailto:Taliskernetworkintrusion.co.uk]
> > Sent: Tuesday, October 24, 2000 7:19 AM
> > To: idsuow.edu.au; rohanlearhy.el.anl.gov
> > Subject: IDS: Re: IDS Comparision
> >
> > Rohan
> >
> > The problem with many comparisons is that they tend to only look at the top
> > 4 products; however, product 5 may be the product that best meets your needs.
> > Also the testers sometimes leave a lot to be desired, e.g. putting a honeypot
> > against a host IDS in an IDS test.
> >
> > My suggestion to you is to look at all that's out there and narrow the field
> > down to what meets your needs, then look for reviews on those products.
> > Furthermore, always try them out on your network before buying, ideally for a
> > few months. I've been surprised a few times at how a major product is
> > totally unsuited to our network.
> >
> > My website below lists every known commercial IDS. I built it when I was
> > going down the same road as you:
> > http://www.networkintrusion.co.uk
> >
> > Also, for those that aren't aware, I have set up a low volume security-tools
> > notification service. As I am made aware of new or updated tools I pass the
> > info on; I'm currently bundling the tools onto a single weekly email:
> > http://www.egroups.com/subscribe/security-tools
> >
> > Good Luck and happy hunting
> > Andy
> > http://www.networkintrusion.co.uk Talisker's comprehensive IDS & Scanner List
> > '''
> > (0 0)
> > ----oOO----(_)----------
> > | The geek shall |
> > | Inherit the earth |
> > -----------------oOO----
> > |__|__|
> > || ||
> > ooO Ooo
> >
> >
> > The opinions contained within this transmission are entirely my own, and do
> > not necessarily reflect those of my employer.
> >
> >
> >
> >
> >
> > ----- Original Message -----
> > From: <rohanlearhy.el.anl.gov>
> > To: <idsuow.edu.au>
> > Sent: Monday, October 23, 2000 9:54 PM
> > Subject: IDS: IDS Comparision
> >
> >
> > >
> > > Hi All,
> > >
> > > I'm looking for a good comparison of commercial/free IDS systems so our
> > > organization can make an informed decision. Is there any out there?
> > > If so, where can I find it?
> > >
> > >
> > > Thanks,
> > > Dan Rohan
> > > Argonne National Laboratories
> > >
> > >
> >
> >
> >
>