IDS mailing list archives

performance metrics for IPS systems?


From: p z <peterzulu () gmail com>
Date: Sat, 8 Jan 2005 01:10:54 -0500

Hi:

I'm developing an RFP for an IPS system and am now on the section
regarding performance metrics.  We have a large distributed network
with mostly GigE networks linked via VPNs over OC-192 pipes.  The IPS
systems would be used to protect the VPN end-points, as well as
internal network segments (primarily the core).

I'm planning on demanding that the IPS systems perform at >225,000
packets/second (100% of packets inspected) with <.5ms latency per
packet.  Is this reasonable for an IPS?  We have a very busy network
which can burst above 225,000pps.  Should I look for an
application-smart firewall or router instead?

Here are some other questions:

- What is the standard/acceptable frames/second I should expect of an IPS?
- What is the acceptable/standard latency per packet for an IPS?
- Are there other metrics I should be concerned about (like Mbps?
reaction time? etc.)?
- Does anyone use what they consider to be a high-performance IPS?
What sorts of throughput and latency do you experience?

Thanks!
Peter
