Having installed and worked with both products, I think that Cisco's offering is more comprehensive, but Snort is highly reliable and much cheaper. It doesn't have some of the features of the Cisco product (dynamic shunning), but for most small to medium sized businesses (like the kind I work with daily), Snort is more than sufficient given the cost. On average, I can install a Snort sensor on dedicated hardware and FreeBSD for approximately $1000. A single Cisco 4210 sensor install costs me about $5600. If I need to scale to Gbit capability, I can install a Snort sensor for approx. $5000, compared to $18K for a Cisco 4250.
In summary, they're both decent products. If you need a comprehensive system for large enterprise, then Cisco certainly has the edge over Snort...at least until you start talking about hardware-based, customized snort like that from Silicon Defense. If you just need a solid IDS for small business and don't want to spend a ton of cash, then Snort is a great alternative and is usually my first recommendation. At 05:06 AM 2/13/2003 +0000, you wrote: >Someone told me in an authoritative voice today that Cisco doesn't recommend >their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a >big part of SAFE? > >Of course, the person who said this doesn't understand that Cisco is a huge, >chaotic organism, and that saying Cisco does something based on what one >person does, doesn't make sense. > >But I'm just curious, what do you all recommend for intrusion detection? How >do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more >complicated, requiring appliances or IDS cards in a switch and a console: > >Cisco Secure IDS DirectorHP OpenView Network Node Manager "plug-in" that >runs on UNIX (Solaris and HP-UX) > >Cisco Secure Policy Manager (v2.2+)Windows NT-based package > >Thanks. > >Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62959&t=62939 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]