Juniper, CISCO, McAfee have open or semi-open signatures. And if you
have a big problem with a signature I think that if you call the tech
support of the other two big players (ISS and TippingPoint) they will
help you out with some confidential information about a specific
signature.

Also, AFAIK, in ISS you can use Snort syntax or similar to create your
own signatures (I guess they call it TRONS ;) ) Free to recreate all the
Snort sigs. 

BTW, why is Snort called a lightweight IDS on the SNORT.ORG page?

Thanks,
Mike 


-----Original Message-----
From: Richard Bejtlich [mailto:[EMAIL PROTECTED]]
Sent: April 10, 2006 4:31 PM
To: Andrew Plato
Cc: [email protected]
Subject: Re: IDS vs. IPS deployment feedback


On 4/10/06, Andrew Plato <[EMAIL PROTECTED]> wrote:
> Yes...SOURCEFIRE customers get those signatures early. They get handed
> out to the Snort world well after the fact. SourceFire is a commercial
> company and you must PAY to get their product.
>
> In other words - Sourcefire is no different than TP, ISS or any other
> commercial vendor in this regard. As such, we're all just selling what
> we know.

Andrew,

You call five days "well after the fact"?  Snort rules are free for
registered users, by the way.

Here's another difference between ISS and Snort -- I can read Snort
rules, even those developed by Sourcefire.  Can you point me to the
place where I can download and review ISS rules, even assuming I am a
registered owner?  Cisco?  Other?

One of the ways to build trust in a product is to see how it works.  I
trust Snort more than similar products because I can understand its
decision-making process.

Richard

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------

