I do believe it is in the best interest of the Cisco engineers to also push their products.
-----Original Message----- From: Kent Hundley [mailto:[EMAIL PROTECTED]] Sent: Friday, February 14, 2003 10:35 AM To: [EMAIL PROTECTED] Subject: RE: Snort versus Cisco IDS [7:62939] The term "team" was meant to by inclusive of engineers as well as sales. I can assure you I have talked to many competent Cisco engineers, some of them who specialize in security, who do in fact recommend the Cisco IDS to their large clients. And yes, salespeople will obviously always push their product. Regards, Kent On Fri, 2003-02-14 at 07:15, DeVoe, Charles (PKI) wrote: > 2) Has never talked to any of the Cisco teams that manage large global > accounts > > Of course these are sales people. Sales people make their livelihood off of > the sales. So obviously, they will push the product. > > Rule 1. Never trust a salesperson. > Rule 2. Never Believe a salesperson. > Rule 3. Never forget Rules 1 & 2. > > -----Original Message----- > From: Kent Hundley [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 13, 2003 4:39 PM > To: [EMAIL PROTECTED] > Subject: Re: Snort versus Cisco IDS [7:62939] > > > On Thu, 2003-02-13 at 00:06, Priscilla Oppenheimer wrote: > > Someone told me in an authoritative voice today that Cisco doesn't > recommend > > their IDS. They recommend Snort. Is this really true? Isn't Cisco's IDS a > > big part of SAFE? > > > > Whomever told you this: > > 1) Is extremely naiive (one Cisco engineer told them something and they > took it as gospel) > > 2) Has never talked to any of the Cisco teams that manage large global > accounts > > I can tell you for a 100% fact that Cisco recommends their IDS very > actively to their large global customers, I'm working on a Fortune 5 > account right now and the Cisco team is heavily pushing a Cisco IDS > deployment. If one of their engineers recommended snort, the AM would > have them bound and gagged and thrown in a very dark basement. ;-) > > > > Of course, the person who said this doesn't understand that Cisco is a > huge, > > chaotic organism, and that saying Cisco does something based on what one > > person does, doesn't make sense. > > > > But I'm just curious, what do you all recommend for intrusion detection? > How > > do Snort and Cisco IDS compare? I guess Cisco's solution is a bit more > > complicated, requiring appliances or IDS cards in a switch and a console: > > > > Cisco IDS is a commercial, fully baked product in the sense that it has > a lot of bells and whistles for the end-user market. Cisco is also > developing custom hardware such as blades that slide into a Cat 6500, > making for easy deployment and the ability to capture and process > traffic at Gigabit speeds. > > Snort is much more of a tech geeks solution, although there are a lot of > talented people writing code to increase its ease of use such. (things > like ACID and Demarc) > > The bottom line is that snort will do the job in a lot of environments, > but your going to need to have some very technical people to handle the > care and feeding of the system. It is an open source solution and > doesn't come with built-in support other than what you get through > mailing lists. The Cisco IDS comes with TAC behind it. You pay more > for more support baked into the process and a large amount of dedicated > resources working on your issues. (it's the same old open source vs > commercial product argument) > > For small environments where funds are very limited or for environments > with highly technical but cheap labor (such as universities), snort is > probably the better solution. For large enterprises, Cisco would > probably be the better choice. > > Of course, YMMV, a lot depends on the environment, , that's my opinion, > take it with a grain of salt, yada, yada, yada, etc. etc. disclaimer, > disclaimer... > > Regards, > Kent Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63378&t=62939 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
