IDS mailing list archives
RE: Radware DefensePro vs McAfee Intrushield vs TippingPoint UnityOne
From: Julius Detritus <julius.detritus () ifrance com>
Date: Wed, 29 Sep 2004 06:55:54 +0200
Hi,
Have anyone experience with these systems? What are the Pros & Cons?
We have tested Radware, McAfee and TippingPoint products in order to secure our SOC. Our needs where mainly : - Intrusion detection/prevention - DoS/DDoS protection and Bandwidth management - Scalability - Performance We tested the following systems : - Radware DefensePro / AS3 + Stringmatch engine - McAfee IntruShield 4000 - TippingPoint UnityOne 2400 In terms of Intrusion Detection and Prevention those three products behave quite the same : good signature base, very low false positive rate and "acceptable" false negative rate. For DoS and DDoS protection the Radware product appeared to be the best solution based on : - SYN Cookies for SYN Floods attacks - signature + trfaic sampling based (stream anomaly analysis) for DDoS. What is more the Bandwidth Management feature is very powerfull (quite normal as it is one of Radware original core business) and allows to isolate attacks so that all your links don't get flooded. Scalability really depends on your needs. We needed to secure 4 segments at first. Only Radware and Tippingpoint products provided enough segment protection in a single product. However Tippingpoint was limited to 4 segmentsn which wouldn't allow us to add new segments with the same box. Radware supports 8 segments which would, at last make a lower cost/segment. Last the DefensePro with AS3 and Stringmatch engine hardware gave better results in terms of latency as well as stability (...), as far as we could simulate up to 200 Mbps of trafic mixing legitimate trafic, real intrusion attempts, SYN Flood, portscan and "strange" packets. Once again these results are not surprising as Radware uses the same hardware platform (AS3) than for other products of its core business + a specific hardware (stringmatch) for signatures analysis. My 0,02$ Julius ___[ Pub ]____________________________________________________________ Inscrivez-vous gratuitement sur Tandaime, Le site de rencontres ! http://rencontre.rencontres.com/index.php?origine=4 -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- RE: Radware DefensePro vs McAfee Intrushield vs TippingPoint UnityOne Julius Detritus (Sep 30)