Link to home
Start Free TrialLog in
Avatar of hoaivan
hoaivan

asked on

compare current Intrusion Detection System !

there's many IDS: snort, Cisco IDS, RealSecure, NetProwler, Dragon, etc...
please experts, tell me their features; comparing their abilities, their strengths, their weakness.
thanks.
Avatar of Tim Holman
Tim Holman
Flag of United Kingdom of Great Britain and Northern Ireland image

Do you really need IDS ?
It's a forensics tool, and although a very useful part of the security picture, it won't actually prevent intrusions without weeks worth of tuning and false positive removal...  and even then, I would not trust an IDS with upstream ACL modification and TCP reset ability not to do anything with my genuine traffic !
If you want to prevent intrusions, rather than detect (and notice a few days later), then you need an IPS.
Look at the IPS 5500 from TopLayer for example - www.toplayer.com.  :)

Avatar of hoaivan
hoaivan

ASKER

i just do some researches on IDS, not for choosing which product to buy/use.
and i wanna have a perspective of ids products.
ASKER CERTIFIED SOLUTION
Avatar of Tim Holman
Tim Holman
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
sounds like a very general question. So: do you have any problems keying in IDS in yur favorite search engine?
Or what else do you expect as answer?