Intrusion Detection

Discussion in 'Computer Security' started by News, Jul 8, 2003.

  1. News

    News Guest

    Anyone used either Security Metrics or RealSecure by ISS? If so I'd love to
    hear your opinions regarding ease of use, effectiveness, false positives...

    Thanks

    (email won't work, please post replies here)
     
    News, Jul 8, 2003
    #1

  2. Alexander Delarge

    I use RealSecure at our work. I have the desktop product, server sensor, and
    a network sensor. Personally, I love RS. It's arguably one of the best IDS
    engines on the market. Extremely accurate and capable. However, the learning
    curve on RS is rather steep. The documentation is awful (full of errors and
    omissions). So if you go with RS, plan to spend some ramp up time or hire a
    consultant.

    That much said, I have been able to do some really great things with RS. For
    example, we use RS Desktop and I've tweaked it to prevent users from
    accessing web sites and logging their chat usage. Although it wasn't
    designed for that, when you get under the covers of RS, there are a lot of
    excellent features.

    The other IDS I would look at is Sourcefire. It's the commercialization of
    Snort. I demo'ed it a while back. Good system. A bit limited in its reach,
    but very accurate.

    I've never used Security Metrics. I did look at ManHunt (crap), NFR (crap),
    and Cisco IDS (complete POS) and was unimpressed with all of them. ManHunt
    looks great, but the IDS engine sucks ass.

    Alex
     
    Alexander Delarge, Jul 9, 2003
    #2