IDS mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Juniper and ISS Protocol Anomaly Detection Evaluation

From: "Reynolds, Wayne" <Wayne_Reynolds () condenast com>
Date: Mon, 15 May 2006 12:01:19 -0400
Mike,

We have already compared these two solutions in depth and ended up
choosing Juniper.

We already use NetScreens as our firewall solution and Juniper will be
offering an IDP module for the NetScreens very shortly which will
incorporate the IDP management within their pre-existing NSM console
package.

Personally, I found ISS' management console much more intuitive, but I
felt that their tech support was severely lacking.  Their support team
just never seemed interested in giving us any help.

-Wayne

________________________________________
Wayne D Reynolds
Network Engineering and Security
Conde Nast Publications
mailto:wayne_reynolds () condenast com

  

-----Original Message-----
From: Mike Youngs [mailto:myoungs () glenergy com] 
Sent: Friday, May 12, 2006 8:06 AM
To: focus-ids () lists securityfocus com
Subject: Juniper and ISS Protocol Anomaly Detection Evaluation

Hello Everyone,
 
I am doing a network based intrusion detection and prevention system
evaluation, and have come across something I would like this groups
collective experience to give an opinion on.
 
For various reasons, we have settled on making a selection between the
Juniper IDP 600C and the ISS Proventia GX5008.  During our evaluation,
we
have found that Juniper and ISS offer their protocol anomaly detection
means
in much different ways.  What I would like to hear from this group is
your
experience and insight with either product's protocol anomaly detection.
If
someone has insight and/or experience with both products, that will be
that
much better.  I hope to find out if each vendor's protocol anomaly
detection
features are essentially the same thing, or if one is superior over the
other
and why, so I can make a more informed decision on this feature.
 
Another way to say it is, does "protocol anomaly detection" mean the
same
thing to both vendors?  It appears that "attack pattern" means something
different to each vendor.  One considers in the actual string or pattern
to
look for in a packet, and the other considers is it multiple events when
viewed as a whole could mean an attack on a system.
 
Any insight would be appreciated!  Thanks in advance,
 
Mike Youngs
Network Manager
Great Lakes Energy

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: