IDS mailing list archives

RE: IPS Reliability/Availability


From: "Alan Shimel" <ashimel () stillsecure com>
Date: Mon, 20 Feb 2006 09:47:53 -0500

Marty, with all due respect, I would like to see the 3rd party results with
real world traffic to prove the bandwidth claims in full IPS mode.

alan

 
StillSecure
Alan Shimel 
Chief Strategy Officer 

O 303.381.3815
C 516.857.7409
F 303.381.3881
email ashimel () stillsecure com
blog http://ashimmy.typepad.com

www.stillsecure.com

-----Original Message-----
From: Martin Roesch [mailto:roesch () sourcefire com] 
Sent: Sunday, February 19, 2006 11:29 PM
To: ashimel () stillsecure com
Cc: 'David Williams'; geek_brigades () yahoo com; focus-ids () securityfocus com;
'Rajat Bhargava'
Subject: Re: IPS Reliability/Availability


On Feb 19, 2006, at 7:40 PM, Alan Shimel wrote:

> Marty
>
> Correct me if I am wrong, but that is on the bivio box correct?

Yes, we're OEM'ing the Bivio chassis.

> Interestingly our tests on this platform were well below the advertised
> rates.  Are you planning any 3rd party testing of it?

I'm not sure what performance numbers you're referring to but I won't  
speculate.  Much like Snort, you can't just take a stock build and  
put it on a system and expect it to achieve maximum performance, we  
have significant engineering resources available and a close  
relationship with the manufacturer to get our application performance  
where we want it to be.  We've managed to achieve the maximum  
performance available with the chassis as it's configured today  
subject to max bandwidth available with the backplane architecture.

There is an update that will be available RSN that will increase the  
throughput of the backplane as well as adding some other performance  
features to the chassis.  For existing customers it'll be a firmware  
upgrade (back to the investment protection thing) and I think  
everyone who has one will like the results.

As for 3rd party testing, we typically participate in those sorts of  
tests but it's subject to the Sourcefire marketing team's bandwidth  
and our production schedule.  We also have an extensive multi-gigabit  
testing environment in our labs and have tested the chassis  
extensively, from what I understand many of our customers and  
prospects consider our performance claims across our product lines to  
be rather conservative but you can take that with the appropriate  
amount of salt.

     -Marty

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org





