How about Intrushield's 10GB sensors?

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Scott Sattler
Sent: Wednesday, July 21, 2010 07:43
To: 'Curt Purdy'
Cc: [email protected]
Subject: RE: 10gb

3Com, there is a clear winner in strategic maneuvering....so much for tipping point.

Sourcefire leaves a lot of room for improvement in ruleset and traffic identification. I thought the whole snort thing was the greatest until I worked with ISS and some other vendors. Not to mention that if you are an IDS analyst managing large diverse global companies or agencies, or military...have fun with that fun web interface.....(sure you send it all to a magic SIEM so who cares....right that works REALLY well......) and I do admit, ISS can be slow pulling up events once in a while but that sounds like a tuning problem on someone's end....

I normally find I can drill down and deal with events much quicker and have a higher "find rate" of unwanted activity with ISS. I do not want to write rules in Sourcefire that should already exist. There are such gaps in detection of unwanted traffic, in fact, I sure would love someone to post a side by side comparison of signatures detected. I am familiar with the signatures from Sourcefire and ISS and to ME, there is a HUGE Disparity in what is identified. I deal with traffic from 40-60 countries daily and I have used both products and I know which one finds a lot more (making me book high numbers of CSIRT tickets and making me look like a rock star).

Although with Palo Alto and Checkpoint having a nice application detection capability, who really needs an IDS/IPS anymore......Rock on Palo Alto....

Scott.

-----Original Message-----
From: Curt Purdy [mailto:[email protected]]
Sent: Wednesday, July 21, 2010 2:32 PM
To: [email protected]
Cc: [email protected]
Subject: Re: 10gb

Yes, Proventia & Realsecure have always been my favorite, though I have looked longingly at Tipping Point (at least until they were acquired by 3com then HP) of course even ISS is now pwned by IBM ;)

Proventia caught the serverRPC worm while it was still a 0-day (confirmed by Symantec) when it had taken out 10 servers and would have taken out the other 450 windoze servers before the day was out. Though the 150 *NIX servers would have still been running fine of course, even though the network would have been down with all the windoze servers yakking...

But any IDS/IPS is going to have a lot of false-positives, which is why, most of the time, I feed it straight into a SIM for correlation and just watch that dashboard.

Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA
[email protected]
[email protected]

On Tue, Jul 20, 2010 at 8:53 PM, <[email protected]> wrote:
> sourcefire?
>
> really?
>
> in a production network.....ask them how their 9800 sensor works
> inline....*snicker*
>
> I was stuck using sourcefire for the last two clients. I so miss ISS.....
>
> -----------------------------------------------------------------
> Securing Your Online Data Transfer with SSL.
> A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
> http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
