Intrushield User Experiences Warts 'n' All

["Andy Cuff" <lists () securitywizardry com>]

Hi List Members
I was wondering if anyone could enlighten me with their experiences with
Intrushield IPS, especially in a large environment. I'm especially
interested in (marketeers need not reply):

How easy is it to tune?

What are the false positive rates like?

Can you write custom signatures?

How easy is it to update, both signatures and appliance patches?

How frequently do you receive signature updates?

Does it provide sufficient information for an analyst to resolve an event?

Does it do packet capture:

        a. per event?

        b. rolling?

        c. how easy is it to recover said packets?

What is the support like?

Value Added?

Good points?

Bad Points?

Those more important points that I can't remember right now?

I realise I can get much of the above from the website, but I would like to
hear it from the horses mouth, from practitioners in the field.



   Regards
Andy Cuff
Chief Technology Officer
Computer Network Defence Ltd
http://SecurityWizardry.com
Phone (+44) (0) 7968 608945




--------------------------------------------------------------------------
Stop hurting your network!
 
The NeVO passive vulnerability sensor continuously finds vulnerabilities, 
applications and new hosts without the need for network scanning. 
It also finds compromised systems with application-based intrusion detection. 
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------