Slashdot Mirror


Future Of IDS

A reader wrote to us about a summary article regarding IDS. This is an interesting article insofar as it attempts to prognosticate what the future will be for detection, and that draws in some interesting work on security modelling. T: Readers may also want to see this vnunet article on IDS products -- guess what comes out on top?

3 of 125 comments

  1. Large scale correlation by pdqlamb · Score: 4, Interesting

    I wonder if the author would credit things like my NetWatchman or Security Focus's Aris as large scale correlation efforts? I know it would probably be tough to get much more specific, as you could generate a huge amount of traffic trying to correlate every weird package that hit many boxes.

  2. Managers Like Names... by NetJunkie · Score: 4, Interesting

    I'm about to deploy an IDS system at my work. When I met with the director and CIO about this they asked for recommendations, of course. I first suggested Snort. It's free, it works well, and I had used it before. But, since it didn't have someone standing behind it, the CIO wasn't interested. They'd rather spend $20K on another product. To them it is more important to be able to say "Hey, we were using product X from company Y! Don't blame us!" if something goes wrong.

    In places where the budget is a bigger concern I still implement Snort. I can't possibly afford to stick a commercial product on every subnet that I'd like to.

  3. CEO's like $$$ by jabbo · Score: 4, Interesting

    That made it pretty damn easy for me to push Snort where I work.

    Only choads that are getting kickbacks from manufacturers are going to push for overpriced commercial solutions in shops that don't have an existing IDS installation or a compelling reason to use the packaged solutions (NetRanger, OpenView, their ilk).

    A packet is a packet... NFR and Snort are both designed by well-respected engineers who are more interested in accuracy and correctness than in unit shifting. I trust them for that.

    When you get right down to it, unless you're rolling in dough, why blow $20,000 per management station plus consulting costs to implement something your network administrator can probably set up in a week for free? (I know I can) It's stupid. Save the cash for your coke dealer or a rock for the missus.

    --
    Remember that what's inside of you doesn't matter because nobody can see it.