[Dshield] IPS/IDS solutions--your opinions?

CunningPike cunningpike at gmail.com
Tue Jan 29 04:30:14 GMT 2008


<rant>

The direction this thread is taking is the most depressing thing I've 
read in quite some time. At the age of only 40, I feel like I'm a 
dinosaur - a relic of an age where computer technicians _had_ to know 
the inner workings of the systems they looked after, _had_ to be able to 
analyze problems using knowledge of how "low-level" things like TCP and 
RFCs actually worked, and _had_ to craft solutions themselves, making 
the tools and acquiring the skills to do so themselves if need be.

We're _supposed_ to be whizzes - it's part of the craft. Being a 
competent computer technician/engineer/whatever is no less difficult 
than being a competent member of any skilled trade - you are expected to 
understand what you are doing and be able to fabricate safe and 
compliant solutions to problems as you encounter them.

</rant>

CP

Varine, Brian R SFC NG NG wrote:
> I love Snort but I don't have time to write Perl scripts and hack out
> unique fixes. Sourcefire and others are great because no one spends
> enough on people to really do what you need. That means I need to get
> something that an analyst can take care of and if it's too big for
> them, they can get help from dedicated enterprise IT types. It'd be
> great if I could find a team of 5 that knows how to fly an IDS, react
> to incidents, and be a whiz at Perl for the price most clients are
> willing to pay. Even then, with turnover being what it is, can I
> expect the next guy to really understand what the previous guy has
> done with his Perl scripts? Probably not.
> 

