Backing up what Craig said, Snort is probably better performing in terms of cost/performance than almost all the IDSes out there, including Cisco. It does not have an end-to-end solution to make one's life easier though, at least not out of the box.

Of course, you will need some sort of a Unix background to set it up, and I do not mean installing Solaris with GUI tools. Pretty easy for anyone who has worked with a FreeBSD or a Linux box (without using GUI all over the place and/or rpms everywhere). The idea of no GUI is probably quite daunting to "enterprise" level engineers. You COULD make it have a lot of the "enterprise level" features, but it requires a lot of work on your part, and of course no commercial support, so you are on your own. (So, add this to your end cost...)

If you want a GUI frontend to Snort, you can try Demarc, or what they call themselves "PureSecure" now. There are also some freeware analyzers, but Demarc/PureSecure is definitely one of the nicest ones. Albeit, it had some bugs; fortunately, since they give you their CGIs, if you know some Perl, you can patch it yourself before they get around to it. (Unless they changed this behavior; the last I used was 1.05.) PureSecure DOES charge for commercial usage, which I suppose puts a damper on it. Their licensing is a bit ridiculous. However, the pricing should still be very competitive.

It's a mixed bag, but if you know your Unix, seems like Snort is a much cheaper (if you know Unix and programming very well, the disadvantages aren't that big) IDS solution. If you don't, oh well, like all things in life, pay the price for one's ignorance. :)

> Someone told me in an authoritative voice today that Cisco doesn't recommend
> their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a
> big part of SAFE?
>
> Of course, the person who said this doesn't understand that Cisco is a huge,
> chaotic organism, and that saying Cisco does something based on what one
> person does, doesn't make sense.
>
> But I'm just curious, what do you all recommend for intrusion detection? How
> do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more
> complicated, requiring appliances or IDS cards in a switch and a console:
>
> Cisco Secure IDS Director: HP OpenView Network Node Manager "plug-in" that
> runs on UNIX (Solaris and HP-UX)
>
> Cisco Secure Policy Manager (v2.2+): Windows NT-based package
>
> Thanks.
>
> Priscilla

-Carroll Kong

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=62966&t=62939