IDS mailing list archives
RE: TippingPoint vs. Intrushield
From: "Bob Walder" <bwalder () spamcop net>
Date: Wed, 14 Jul 2004 16:08:20 +0200
Paul, Interesting that you should infer that TippingPoint "won" the latest NSS shootout, since we didn't come up with a clear winner overall. In fact we tend not to do that, since each product could have different applications in different environments. Read the report (www.nss.co.uk), and decide for yourselves which of the performance metrics and the features apply to your environment. For example: 1. You might only want to protect a single 500Mbps link - therefore you might be paying over the odds by looking at these two solutions only. 2. You might never have more than 5000 new connections per second hitting your Web servers, therefore the ability to go way beyond that and still detect 100% of all attacks - whilst impressive - is probably not worth paying for. 3. The ease of policy definition for which we praised Tippingpoint might not mean a thing to you - it is one of the features that caused us to rate it highly ALL OTHER THING BEING EQUAL, but you might weight it lower than we did 4. You might have need of the Virtual IDS capabilities offered by IntruShield - this is currently the only product we have tested which offers anything like that. If you need the ability to define and apply multiple discrete security policies right down to individual host level and yet supported on a single port pair then IntruShield is your only option right now 5. Policy enforcement might be as important to you as intrusion detection/prevention - in which case the Juniper (NetScreen) offering would be of interest 6. You might like the way ISS correlates its vulnerability scanner data with alerts from the IPS in order to raise or lower alert priorities - if that is important to you, ISS should be high on your list (and neither of the expensive boxes could do that when we looked at them) Etc, etc, etc..... These are just EXAMPLES, *NOT* concrete recommendations - try to come up with some that apply to your environment and then read the report so see if anything fits the bill. In other words we try not to run a few tests, draw a line on a graph and declare winners and losers. Most products have some USPs that may or may not be important to you. We try to bring those out in the report too. Oh - and don't believe everything those sales guys tell you. They take our reports too and pull out JUST the bits that make their products look good when they slap the "facts and figures" in front of you. I know of one high-profile vendor (who shall remain nameless) whose sales guys were going round saying that one of its main competitors could not do proper protocol analysis because their engine was "based on Snort" - something that is clearly untrue when you look closely, and can be discerned as such just by reading our report. Use our reports to enable you to ask the sales guys some hard questions, and hopefully to narrow down your short-list, but at the end of the day you will probably still need to do some real testing in your own network Regards, Bob Walder Director The NSS Group
-----Original Message----- From: Paul Schmehl [mailto:pauls () utdallas edu] Sent: 13 July 2004 16:08 To: Jacob Winston; focus-ids () securityfocus com Subject: Re: TippingPoint vs. Intrushield --On Tuesday, July 13, 2004 03:22:36 AM +0000 Jacob Winston <jctx09 () yahoo com> wrote:I am trying to decide which IPS to buy. I read thatTippingpoint wonthe latest NSS shootout but Intrushield seems to have wonevery othershootout before that. Has anyone used either one before? My Intrushield rep says that Tippingpoint doesn't have asmany detectionmethods as Intrushield but I can't find a listing of what methods Tippingpoint does have. Any info is appreciate. Thank you.We testing Tippingpoint and were very impressed with it. We have not tested Intrushield. I know of three places that are using Tippingpoing and are extremely happy with it. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/ir/security/ ------------------------------------------------------------- ------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_0
40708 to learn more. ------------------------------------------------------------------------ -- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- TippingPoint vs. Intrushield Jacob Winston (Jul 13)
- Re: TippingPoint vs. Intrushield Paul Schmehl (Jul 13)
- Re: TippingPoint vs. Intrushield Derek Nash (Jul 14)
- Re: TippingPoint vs. Intrushield Andy Cuff (Jul 14)
- Re: TippingPoint vs. Intrushield Andy Cuff (Jul 14)
- Re: TippingPoint vs. Intrushield Justin . Ross (Jul 15)
- Re: TippingPoint vs. Intrushield Darren Bounds (Jul 20)
- RE: TippingPoint vs. Intrushield Alan Shimel (Jul 22)
- <Possible follow-ups>
- RE: TippingPoint vs. Intrushield Bob Walder (Jul 14)
- RE: TippingPoint vs. Intrushield Paul Schmehl (Jul 15)
- Re: TippingPoint vs. Intrushield Paul Schmehl (Jul 13)