IMHO, whether or not you use ISS is more dependent on how large of a deployment you are talking about. I have used ISS, Snort (using Acid, Demarc, and Niksun), Niksun, and Cisco IDS solutions, and ISS, despite their arrogance and extreme price, IMHO have the only worthy enterprise solution (> 50 sensors).

On the positive side, ISS has a very well thought out enterprise solution that allows the updating of all sensors with just a few clicks, centralized databases, integration of IDS and VA (and if you want to spend the big bucks on fusion, even correlation between the two), incorporation of third-party logs (i.e., Checkpoint and PIX firewall logs), and customized signatures that follow the Snort signature standard (TRONS). If you have a very large deployment, while Snort is good (and many solutions for Snort are decent), I haven't seen anything that compares to ISS (using the Site Protector solution). There are many companies that are making great strides towards this type of a solution and I expect ISS to start losing market share in the enterprise market (if they haven't already) in the near future.

On the negative side, ISS is very arrogant in their customer service and support. We had a very large deployment that used a non-Windows platform for the IDS sensors, only to see in the news (note, not from our account manager, which should say something clearly) that they were dropping all support for Sun, HP-UX, SCO, Nokia platforms in the next month. No end-of-life, no "we will support it for a couple of more years", just flat ass dropping support (they have since wised up and are supporting the platforms for existing products, just no new development). ISS is also horridly expensive (and to get complete functionality with Site Protector you have to pay even more for the fusion module (by IP), for the third-party module (by IP), and the other multitude of products). ISS is not for the small wallet. On the technical side, I have seen many instances where ISS still misses events under heavy network load, something they claimed to have fixed.

We are reevaluating our association with ISS and will probably move on to another product in the next couple of years after our most recent problems with them. One thing that we have been fairly impressed with is Niksun Netdetectors; however, they are not for the small wallet either, though they have some rather fascinating capabilities. If you have some money to burn, they can burn it fast.

We also looked at several other vendors that were very interesting, but their pricing is based on IP and with as many class B's as we have, there was just no way (and they wouldn't adjust their pricing). If memory serves, the one that impressed me the most was Intruvert, but I will have to go back and look at my notes.

Anyway, like most things these days, it's a mixed bag.