OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Williams, Drew (drewINTRUSION.COM)
Date: Wed Apr 04 2001 - 14:09:31 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I wouldn't normally do this, but I'm going to take the "vendor" hat off for
    a moment, and don my "objective" hat . . .

    With the exception of ISS' RealSecure & Marcus' NFR product, the other
    network-based players have all been gobbled up by other vendors (e.g., SW3
    to Memco to Platinum to CA; Internet Tools to AXENT to Symantec; NetRanger
    to Cisco; etc.). And it is true ISS has been the traditional leader in
    network-based IDS since the latter part of the 1990s. However, according to
    their "corporate" initiatives, the perception on the street (at least from
    the customers with whom I have spoken), is that ISS is refocusing (or maybe
    expanding), a lot of business in the Managed Services side. You also have to
    look at some of the work that has been done on the host side of IDS, for
    example, with the Centrax stuff, and not to mention all of those "Hybrid"
    claims of doing both.

    Then there's the whole crop of "newcomers" such as the high-speed IDS
    offerings my company is working on ("SecureNet Pro"), Dragon (now owned by
    Cabletron), and the Black Ice stuff at Network ICE.

    So when you say, "Who are the top three?"--I have to offer up this caveat:
    you can rate "Top Three" by revenue, analyst opinions, market share,
    technology interest--even based on number of "checks and signatures."
    Believe me, a lot of the noise is "Marketeese." I remember when I was with
    AXENT, back in the ITA days, Our objectives included trying to convince the
    market analysts we were working with, that it was a good idea to lump IDS
    and VA together, so that we could leverage the combined "solution to boost
    marketshare for our host-based IDS.

    So IMHO, take a conservative approach, look over some of the third-party
    evaluation results (such as Greg Shipley's annual evaluation of IDS tools
    and capabilities), and talk to buyers. IDS tools are often developed along
    either technology lines (e.g., faster, but not necessarily more deployable,
    or more secure, but not necessarily faster, or with the ability to do
    interesting things, like content inspection or packet reassembly, but not
    necessarily scalable, etc.), or by market-drivers (cool dashboard GUI, raw
    number of signatures, ported from one platform to the next, etc.).

    Again, IMHO