RE: IPS Reliability/Availability

["Alan Shimel" <ashimel () stillsecure com>]

Marty

Correct me if I am wrong, but that is on the bivio box correct?
Interestingly our tests on this platform were well below the advertised
rates.  Are you planning any 3rd party testing of it?

alan

 
StillSecure
Alan Shimel 
Chief Strategy Officer 

O 303.381.3815
C 516.857.7409
F 303.381.3881
email ashimel () stillsecure com
blog http://ashimmy.typepad.com

www.stillsecure.com
The information transmitted is intended only for the person
to whom it is addressed and may contain confidential material.
Review or other use of this information by persons other than
the intended recipient is prohibited. If you've received
this in error, please contact the sender and delete
from any computer.

-----Original Message-----
From: Martin Roesch [mailto:roesch () sourcefire com] 
Sent: Thursday, February 16, 2006 1:31 PM
To: David Williams
Cc: geek_brigades () yahoo com; focus-ids () securityfocus com
Subject: Re: IPS Reliability/Availability

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi David,

You're referring to our IS 5800 chassis.  The 5800 is a carrier grade  
platform that uses a multiple PowerPC CPUs as the application  
processors.  It also uses a network processor for traffic management,  
load balancing, and several other capabilities as well as another PPC  
for systems management.  The system is fully fault tolerant, you can  
hot swap power supplies, network interface modules (NIMs), fan trays,  
hard drives and even processor boards without requiring a restart of  
the system.  The NIMs also offer power-off fail-open capability.   
Furthermore, the chassis is extensible, it's got a backplane  
connector so you can attach another chassis to it and distribute the  
applications and traffic across up to 8 more application CPUs (yep,  
14 CPUs of Snorting fury) so you've got some pretty significant  
investment protection as well because you don't need to get out your  
forklift to go to the "next step up platform" to get more  
performance, you just add computing power as needed and we can run  
all of our network-facing applications on it.

We have configurations that offer 2 or 6 CPUs for our applications  
right now and you can run intrusion detection, prevention or RNA in  
any combination you like on the device at the same time on it.  For  
example, you could have one chassis with 4 ports doing IPS, 2 ports  
doing IDS and 2 running RNA.

Performance is very good as well, multi-gig processing is available  
even in the 2 CPU configuration but obviously I don't have any third  
party testing to point to so you can take that for what it's worth.

      -Marty

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFD9MTvqj0FAQQ3KOARAuKtAJ9zokhur/6W+ASEAaJVRbg/fqeFJACfRoAX
F7rAUA+dmmx1RFnPWj8PR0c=
=eVYv
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------