IDS mailing list archives

RE: Intrushield User Experiences Warts 'n' All


From: "Brian Smith" <bsmith () tippingpoint com>
Date: Wed, 27 Apr 2005 10:56:11 -0500

Andy,

If you're thinking of using the IntruShield IPS in inline/blocking mode,
you may also want to ask if the deployment was using an outside tap, the
built-in tap, or inline blocking, as the user experience may vary based
on the mode of deployment.

        Brian Smith
        TippingPoint, a division of 3com

-----Original Message-----
From: Andy Cuff [mailto:lists () securitywizardry com]
Sent: Monday, April 25, 2005 1:43 PM
To: focus-ids () securityfocus com
Subject: Intrushield User Experiences Warts 'n' All


Hi List Members
I was wondering if anyone could enlighten me with their experiences with
Intrushield IPS, especially in a large environment. I'm especially
interested in (marketeers need not reply):

How easy is it to tune?

What are the false positive rates like?

Can you write custom signatures?

How easy is it to update, both signatures and appliance patches?

How frequently do you receive signature updates?

Does it provide sufficient information for an analyst to resolve an event?

Does it do packet capture:

      a. per event?

      b. rolling?

      c. how easy is it to recover said packets?

What is the support like?

Value Added?

Good points?

Bad Points?

Those more important points that I can't remember right now?

I realise I can get much of the above from the website, but I would like to
hear it from the horse's mouth, from practitioners in the field.



   Regards
Andy Cuff
Chief Technology Officer
Computer Network Defence Ltd
http://SecurityWizardry.com
Phone (+44) (0) 7968 608945




--------------------------------------------------------------------------
Stop hurting your network!

The NeVO passive vulnerability sensor continuously finds vulnerabilities,
applications and new hosts without the need for network scanning.
It also finds compromised systems with application-based intrusion detection.
Go to http://www.tenablesecurity.com/products/nevo.shtml to learn more.
--------------------------------------------------------------------------


