
IDSM-2 vs Snort

alain.bider
Level 1

Hi,

I have a customer who has 6 cat6500 in the core and is looking for an IDS solution.

Besides the IDSM-2 he wants to evaluate Snort. As I have no experience with that product, I'm relying on your help/input:

-Pros/cons

-where to deploy ids sensors

-is snort interoperable with CW??

Thanks for your feedback

Alan

5 Replies

rburkholder
Level 1

Perhaps info can be found in the book represented by:

http://booksmatter.com/b0072229543.htm

Or perhaps the presentation at

http://www.ciscoexpo.gr/2003/download/19/b2/CISCO_MARCO_MISITANO.pdf

might be helpful.

As for first hand knowledge, I can't help. I have some snort experience, so if someone has idsm experience perhaps we can compare notes.

Thanks, the presentation helps with where to position sensors, but that's about it...

I'm more interested in pros & cons of deploying IDSM-2 vs Snort, can Snort sniff trunks or is it limited to 1 VLAN, performance comparison,...

Also I'm looking for some information on SIMS. If deployed, what kind of info can be correlated from Snort....

regards,

Alan

I got the chance to use a Snort-based appliance by "Sourcefire" and was pretty impressed by it. I have a few Cisco IDS appliances currently, and while I liked the familiar interface of the Cisco, the Snort-based device was very verbose. The Sourcefire appliance is also able to sniff trunks and report on all our VLANs like the Cisco. It gave links to definitions of the signatures and had quite a few selectable signatures. You can sort by severity of signature and generate reports with graphs. Sourcefire also makes an "RNA sensor" which is really cool.

jboyer
Level 1

Snort is a great product but since this customer already has cat6500 switches, the idsm2 is going to be the best performance, and most flexible. The biggest advantage it will have over snort is the active response mechanisms. Combined with VMS and optionally Threat Response they can shun via pix firewalls or dynamically modify ACLs on Cisco routers to thwart attacks. They may want to mix in IDS42xx sensors at edges of their network, they can all be managed together via VMS and TR.

Snort's one and only advantage will be less $$$.

I agree with Jeff Boyer that the IDSM-2 is the better solution, as it is ultimately more flexible.

IMHO, the bigger deal here is the fact that an IDSM-2 works in a totally different manner than
