 
From: Ivan Coric (ivan.coric_at_workcoverqld.com.au)
Date: Tue Sep 17 2002 - 01:06:01 CDT


    Well, free in the sense that it doesn't cost $$ for the software. Granted there is a HW cost, mm probably a couple of hundred $$ AUD. A P166 with 96MB RAM would do just nicely, add a couple of NICs, and the value might rise to say under $300 AUD.
    Compare that to other commercial offerings?

    Anyone thinking of running an IDS would require knowledge, regardless of the system they choose! No need to go to SANS, why not read the docs off the snort site? Buy TCP/IP Illustrated; everything you require is there or via google at no cost, not considering time to read it.

    > Getting on to Snort. Snort is a great IDS - no question about it. And we've helped a few customers, here and there,
    > implement it. But, in general the places that implement Snort are not likely to have the money to pay for consultants
    > like me. In fact, I usually tell folks to take one of the SANS courses if they want to become Snort savvy.

    Not necessarily, we have $$ but also the talent.

    Then set it up in a distributed fashion logging to a SQL server and whip in ACID and now we have a kick as.s web based IDS solution covering your enterprise.

    Yeah sure you need someone skilled to read the alerts generated, but I am sure it's the same for any IDS solution. (I only know snort).

    Ahh support, usually I can find an answer via the net before the company has time to send out its automated "we'll get back to you" response.

    I am not knocking any of the commercial offerings, but if you have the talent in your organization then I see no reason not to go with snort.

    cheers

    Ivan Coric
    IT Security Officer
    Information Technology
    WorkCover Queensland
    Ph: (07) 30066414 Fax: (07) 30066424
    Email: ivan.coric_at_workcoverqld.com.au

    >>> "Andrew Plato" <aplatoanitian.com> 09/14/02 10:22am >>>
    > Snort = Free
    > Prelude = Free
    > NFR = $$$$$
    > Real Secure = $$$$$
    > Cisco Secure = $$$$$
    > Dragon = $$$$$$$$$
     
    Running Snort in an enterprise is hardly "free". Snort has to be run on system(s) and that costs money (even if it's a junker sitting around, it still has value.) Moreover, if your company is paying somebody to install, manage, and maintain a Snort box, that's a cost. And it could be argued that Snort boxes have a considerably higher administration hit since there is no standard rule set and enterprise-wide deployment is very difficult. Then there is the training of the people using that tool. That usually means attending a SANS course - that's $4500 a pop when you add in hotel, flights, rental car, and mini-bar costs (unless you're lucky and have a SANS course come to your town).

    Granted, any commercial IDS is probably going to cost a bit more over an open source product, but you also get economies of scale. For example, most commercial IDS products have inexpensive training seminars or even web-based seminars that can help teach users. This gets you a massive economy of scale on training. Support costs (and times) can be cut down since there is a centralized support mechanism for these products.

    It's easy to analyze cost in a techno-vacuum. But any serious analysis of the cost of ANY technology and especially IDS must consider the related expenses of management, maintenance, training, and support.

    ------------------------------------
    Andrew Plato, CISSP
    President / Principal Consultant
    Anitian Corporation

    (503) 644-5656 office
    (503) 201-0821 cell
    http://www.anitian.com
    ------------------------------------
