I work for Cisco (as you can clearly read below), but I promise not to
spread any FUD...

Simply relying on the experience you've had with a single client and the
Cisco IDS with claims like you've made don't really say much. The design,
implementation, and configuration of the IDS makes a huge difference in what
you're going to detect. I've implemented a lot of our appliances, and have
had great experiences. Of course, I'm supposed to say that, right?
However, I wouldn't post if I didn't feel this way.

An important thing to keep in mind when evaluating products is the ability
to reach technical support, 24 hours per day, 365 days per year. This is
something Cisco does better than anyone else, and is a big part of why
customers use our products.

Gary Halleen
Systems Engineer, Security and Wireless
Northwest Specialists Region

Cisco Systems, Inc.
5300 SW Meadows Road, Suite 300
Lake Oswego, OR 97035
Phone: 503.598.7134 / FAX 503.598.7199
Internet: garycisco.com

-----Original Message-----
From: Ralph Los [mailto:RLosenteredge.com]
Sent: Tuesday, February 26, 2002 2:03 PM
To: 'Rich Webster'; focus-idssecurityfocus.com
Subject: RE: Bake off

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rich,

        I can safely say from experience that Cisco's product is not a good
way to go. I just finished a penetration test on a client, who had
Cisco's IDS in place. The unfortunate fact is that their system
didn't see any more than 10% of the things we threw at their network,
including fragmented packets, out-of-sequence packets, and other
various things I can't disclose. But that's the basics.
        I use ISS here as a primary partner, so I'm sort of biased towards
their products only that I've used them the most - my focus has been
on the networkICE stuff. Never had the pleasure of using EnteraSys -
but their "accounting problems" have them as questionable in my book.

Take that as you will - just a simple consultant's opinions.

Cheers,

- ----------------------------------------|
Ralph M. Los
Sr. Security Consultant and Trainer
          EnterEdge Technology, L.L.C.
          rlosenteredge.com
          (770) 955-9899 x.206
- ----------------------------------------|

::-----Original Message-----
::From: Rich Webster [mailto:rwebsterthrupoint.net]
::Sent: Tuesday, February 26, 2002 10:44 AM
::To: focus-idssecurityfocus.com
::Subject: Bake off
::
::
::
::
::Hey Folks,
::I'm looking for real world advice to help select an IDS
::appliance for my client. I am comparing Enterasys,
::Cisco and ISS. I am looking for a distinct advantage,
::a differentiator to help make the choice. The vendors
::can sow quite a bit of FUD. (Fear, Uncertainty, &
::Doubt) I am hoping that you folks might be able to
::clear some of the fog. If you feel this discussion is
::not appropriate for the list please respond directly to
::me. Thank you for you help. Rich
::

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1.1

iQA+AwUBPHwFmdfQPveTWZDtEQJUGwCgsx9qsi9Bq6QrjVOecTKrhIqLLy4AmMs1
3uefiRqA0GtL+XxPDKQYDwc=
=CjTC
-----END PGP SIGNATURE-----

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]