[unisog] IDS Recommendations

dugbrown at email.unc.edu dugbrown at email.unc.edu
Tue Dec 23 13:15:08 GMT 2003


Quoting "Stauffacher, John" <stauffacher at chapman.edu>:

> All,
>
> I have been tasked with evaluating commercial IDS systems (our snort
> array is nice but does not have the "blinky" factor that management
> loves). So what are other people using and how well does it work? I
...
> it must have interchangeable NICs, and some sort of scalability.


Hi John,

For fear of starting some sort of religious argument have you 
considered an IPS system vs. an IDS system?  Without going into 
possibly unnecessary detail I will say that we are using Tipping Point 
(http://www.tippingpoint.com) and have been very happy with the results 
and available functions.  We found the company's claims difficult to 
believe until we tried a unit ourselves and found that it did 
everything they claim, and with the most recent OS release our units do 
even more.  Almost no latency and almost no false positives.  If you or 
anyone else would like additional information please feel free to ask.

Happy Holidays,
-Doug
-- 
Douglas Brown, CISSP
Manager of Security Resources
UNC Chapel Hill
Abernethy 105



More information about the unisog mailing list