OT: Re: Snort versus Cisco IDS [7:62939]

Thu, 13 Feb 2003 06:40:01 -0800 

Having installed and worked with both products, I think that Cisco's 
offering is more comprehensive, but Snort is highly reliable and much
cheaper.
It doesn't have some of the features of the Cisco product (dynamic 
shunning), but for most small to medium sized businesses (like the kind I 
work with daily), Snort is more than sufficient given the cost.
On average, I can install a Snort sensor on dedicated hardware and FreeBSD 
for approximately $1000.  A single Cisco 4210 sensor install costs me about 
$5600.  If I need to scale to Gbit capability, I can install a Snort sensor 
for approx. $5000, compared to $18K for a Cisco 4250.

In summary, they're both decent products.  If you need a comprehensive 
system for large enterprise, then Cisco certainly has the edge over 
Snort...at least until you start talking about hardware-based, customized 
snort like that from Silicon Defense.  If you just need a solid IDS for 
small business and don't want to spend a ton of cash, then Snort is a great 
alternative and is usually my first recommendation.


At 05:06 AM 2/13/2003 +0000, you wrote:
>Someone told me in an authoritative voice today that Cisco doesn't recommend
>their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a
>big part of SAFE?
>
>Of course, the person who said this doesn't understand that Cisco is a huge,
>chaotic organism, and that saying Cisco does something based on what one
>person does, doesn't make sense.
>
>But I'm just curious, what do you all recommend for intrusion detection? How
>do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more
>complicated, requiring appliances or IDS cards in a switch and a console:
>
>Cisco Secure IDS DirectorHP OpenView Network Node Manager "plug-in" that
>runs on UNIX (Solaris and HP-UX)
>
>Cisco Secure Policy Manager (v2.2+)Windows NT-based package
>
>Thanks.
>
>Priscilla




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=62959&t=62939
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to