BTW, for the record I am personally a big fan of snort. Snort is what I use on my own home network. But then I'm a tech geek with limited funds, so it fits my needs perfectly. ;-)
Regards, Kent On Fri, 2003-02-14 at 10:32, Kent Hundley wrote: > The term "team" was meant to by inclusive of engineers as well as > sales. I can assure you I have talked to many competent Cisco > engineers, some of them who specialize in security, who do in fact > recommend the Cisco IDS to their large clients. > > And yes, salespeople will obviously always push their product. > > Regards, > Kent > > On Fri, 2003-02-14 at 07:15, DeVoe, Charles (PKI) wrote: > > 2) Has never talked to any of the Cisco teams that manage large global > > accounts > > > > Of course these are sales people. Sales people make their livelihood off of > > the sales. So obviously, they will push the product. > > > > Rule 1. Never trust a salesperson. > > Rule 2. Never Believe a salesperson. > > Rule 3. Never forget Rules 1 & 2. > > > > -----Original Message----- > > From: Kent Hundley [mailto:[EMAIL PROTECTED]] > > Sent: Thursday, February 13, 2003 4:39 PM > > To: [EMAIL PROTECTED] > > Subject: Re: Snort versus Cisco IDS [7:62939] > > > > > > On Thu, 2003-02-13 at 00:06, Priscilla Oppenheimer wrote: > > > Someone told me in an authoritative voice today that Cisco doesn't > > recommend > > > their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a > > > big part of SAFE? > > > > > > > Whomever told you this: > > > > 1) Is extremely naiive (one Cisco engineer told them something and they > > took it as gospel) > > > > 2) Has never talked to any of the Cisco teams that manage large global > > accounts > > > > I can tell you for a 100% fact that Cisco recommends their IDS very > > actively to their large global customers, I'm working on a Fortune 5 > > account right now and the Cisco team is heavily pushing a Cisco IDS > > deployment. If one of their engineers recommended snort, the AM would > > have them bound and gagged and thrown in a very dark basement. ;-) > > > > > > > Of course, the person who said this doesn't understand that Cisco is a > > huge, > > > chaotic organism, and that saying Cisco does something based on what one > > > person does, doesn't make sense. > > > > > > But I'm just curious, what do you all recommend for intrusion detection? > > How > > > do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more > > > complicated, requiring appliances or IDS cards in a switch and a console: > > > > > > > Cisco IDS is a commercial, fully baked product in the sense that it has > > a lot of bells and whistles for the end-user market. Cisco is also > > developing custom hardware such as blades that slide into a Cat 6500, > > making for easy deployment and the ability to capture and process > > traffic at Gigabit speeds. > > > > Snort is much more of a tech geeks solution, although there are a lot of > > talented people writing code to increase its ease of use such. (things > > like ACID and Demarc) > > > > The bottom line is that snort will do the job in a lot of environments, > > but your going to need to have some very technical people to handle the > > care and feeding of the system. It is an open source solution and > > doesn't come with built-in support other than what you get through > > mailing lists. The Cisco IDS comes with TAC behind it. You pay more > > for more support baked into the process and a large amount of dedicated > > resources working on your issues. (it's the same old open source vs > > commercial product argument) > > > > For small environments where funds are very limited or for environments > > with highly technical but cheap labor (such as universities), snort is > > probably the better solution. For large enterprises, Cisco would > > probably be the better choice. > > > > Of course, YMMV, a lot depends on the environment, , that's my opinion, > > take it with a grain of salt, yada, yada, yada, etc. etc. disclaimer, > > disclaimer... > > > > Regards, > > Kent Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63039&t=62939 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
