IDS mailing list archives
Help in evaluating Inline IDS/IPS solution
From: Ravi <ravivsn () roc co in>
Date: Thu, 05 Jun 2003 10:10:57 +0530
Hi,My company plans to resell the Network Inline IDS/IPS solution to our customers and support customer. I was given task of evaluation of different solutions in the market. There are some questions asked by our customers and I would like to keep these in mind while
evaluating the IDS solutions.Do IDS vendors really test the signature against the vulnerable applications, hardware platform of the application and version of application before releasing the signature? Do the IDS vendors claim this? If so, what is it I need to look for?
From sensor technology perspective, I find that all the vendors seems to be having similar capabilities. But, I am trying to see the continued support on new attacks
and vulnerabilities found.One vendor claims that they have 5 dedicated analysts looking at the vulnerabilities and updating signatures (if needed). Another vendors claims that they have more than 20 analysts doing this job. Can this be considered in my eval? Is it that other
vendor exaggerating the number of resources they have for this job. Performance:What is the best metric to look for? I feel HTTP1.0/1.1, SMTP, IMAP, NNTP, TELNET, POP3 connection rate and UDP throughput for different sizes is good
metric. Is there anything should I look for?Are there any labs, which provide testing facilities for testing IDS/IPS with latest vulnerabilities and with real vulnerable applications? I am really looking for lab which provides facilities and allows us to test the IDS/IPS solution on regular basis.
Thanks Ravi -- The views presented in this mail are completely mine. The company is not responsible for whatsoever. ------------------------------------------------------------------------ Ravi Kumar CH Rendezvous On Chip (i) Pvt Ltd Hyderabad, India Ph: +91-40-2335 1214 / 1175 / 1184 ROC home page <http://www.roc.co.in> ------------------------------------------------------------------------------- INTRUSION PREVENTION: READY FOR PRIME TIME?IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities - including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention.
Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids2
-------------------------------------------------------------------------------
Current thread:
- Help in evaluating Inline IDS/IPS solution Ravi (Jun 04)
- Re: Help in evaluating Inline IDS/IPS solution Stephen Samuel (Jun 05)
- Re: Help in evaluating Inline IDS/IPS solution Lance Spitzner (Jun 05)
- RE: Help in evaluating Inline IDS/IPS solution Brian Laing (Jun 05)
- Re: Help in evaluating Inline IDS/IPS solution Srinivasa Rao Addepalli (Jun 06)
- Re: Help in evaluating Inline IDS/IPS solution SecurityFocus (Jun 09)
- <Possible follow-ups>
- RE: Help in evaluating Inline IDS/IPS solution Golomb, Gary (Jun 05)