Re: [lists] New IPS testing methodology

[Bob Walder <bwalder () spamcop net>]

Indeed - but each of those sources, plus the master list of certifications I
mentioned in the previous posting, state quite clearly that the
certification was for their Gigabit IDS sensor - I thought it was IPS you
were interested in?

Bob Walder


On 14/10/06 12:55, "Aruna" <arunah () slt lk> wrote:

>  
> Hi List
>
> My information was based on the following link by Sourcefire :
>
>  http://www.sourcefire.com/news/awards.html
>
> And also following the following Link from NSS :
>
> http://www.nss.co.uk/grouptests/gigabitids/edition3/pdf/Sourcefire%20IS3000%
> 20V4.0.2%20WP.pdf
>
> Is this different to IPS what the sourcefire claim to be ?
> Consisting of Intrusion Sensor( above )and Source Fire RNA , combined called
> 3-d security by Source Fire.
>
> Appreciate to know whether this is NOT an IPS by definition of NSS also.
>
> I am a bit confused , appreciate any help on this.
>
> Regards
>
>
> aruna
>
>
>
>
> -----Original Message-----
> From: Bob Walder [mailto:bwalder () spamcop net]
> Sent: Saturday, October 14, 2006 4:10 PM
> To: Aruna; 'Curt Purdy'; Focus-Ids Mailing List
> Subject: Re: [lists] New IPS testing methodology
>
> SourceFire IPS products have not yet been certified/Approved, neither under
> the current methodology nor the previous ones - see complete list of current
> and previous certifications here:
>
> http://www.nss.co.uk/certification/tested.htm
>
> We are hoping to see SourceFire IPS products in our labs in the near future
>
> Bob Walder
>
>
> On 14/10/06 11:33, "Aruna" <arunah () slt lk> wrote:
>
> > Hi List
> >
> > Do we have any comparison between Source Fire IPS and ISS Proventia IPS :
> >
> > Seems both are NSS certified and approved also.
> >
> > Any help is highly appreciated.
> >
> > Regards
> >
> > aruna
> >
> >
> > ========================================
> > Aruna B. Herath
> > Head Of Internet Data Center Section,
> > 5th Floor, SLT HD Qts,
> > Lotus Road,
> > Colombo 1,
> > Sri Lanka.
> >  
> > Tel  : +94 11 2337999
> > Fax : +94 11 2387918
> >  
> >  
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com] On Behalf Of Curt Purdy
> > Sent: Friday, October 13, 2006 2:35 PM
> > To: 'Bob Walder'; 'Focus-Ids Mailing List'
> > Subject: RE: [lists] New IPS testing methodology
> >
> > I am very glad to see ISS Proventia certified.  I am currently taking
> > the Basic and Advanced Proventia class followed by the Internet Scanner
> class.
> > The Fusion Module that unites the VA data with the IPS to reduce false
> > positives is an amazing product.  Now that IBM has bought ISS and will
> > incorporate it along with the acquired SIM, neuSecure (now TSOM) is
> > our answer to continual monitoring and protection of the network and
> > servers (with ISS HIDS).
> >
> > Curt Purdy CISSP, GSNA, GSEC, CNE, MCSE+I, CCDA Manager Information
> > Security CareFirst BlueCross BlueShield curt.purdy ()  carefirst com
> > 443.846.4231
> >
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com
> > [mailto:listbounce () securityfocus com] On Behalf Of Bob Walder
> > Sent: Tuesday, October 10, 2006 9:19 AM
> > To: Focus-Ids Mailing List
> > Subject: [lists] New IPS testing methodology
> >
> > For those of you who are interested, we have launched our new IPS
> > testing methodology which includes more extensive security coverage
> > testing, evasion testing and performance testing than previously, as
> > well as formalising the testing of the management capabilities, etc.
> >
> > The format of the test reports has been streamlined to try and make
> > them easier to read and to relate the descriptive test directly to the
> > methodology. This should make it easier to compare different
> > reports/products.
> >
> > Biggest news is that the ENTIRE test report - including all the
> > benchmark tables, etc. - is now available on-line for free download (no
> registration).
> > The first products have now been certified and the results are
> > available on-line at the following links:
> >
> > http://www.nss.co.uk/certification/ips/certips.htm
> > http://www.nss.co.uk/certification/ips/certipsresults.htm
> >
> > As you will see, all of the certification programs are ongoing
> > throughout the year now - we intend to collect a number of the results
> > together with some analysis in a group test report every so often
> >
> > I hope you find the individual test reports useful - many vendors are
> > signed up for both IPS and Multi-Gigabit IPS testing and the results
> > will be published as the testing of each product is completed.
> >
> > Bob Walder
> > The NSS Group
> >
> >
> >
> >
> >
> >
> > ----------------------------------------------------------------------
> > --
> > Test Your IDS
> >
> > Is your IDS deployed correctly?
> > Find out quickly and easily by testing it with real-world attacks from
> > CORE IMPACT.
> > Go to
> > http://www.coresecurity.com/index.php5?module=Form&action=impact&campa
> > ign=in
> > tro_sfw
> > to learn more.
> > ----------------------------------------------------------------------
> > --
> >
> >
> >
> >
> >
> >
> > ----------------------------------------------------------------------
> > --
> > Test Your IDS
> >
> > Is your IDS deployed correctly?
> > Find out quickly and easily by testing it with real-world attacks from
> > CORE IMPACT.
> > Go to
> > http://www.coresecurity.com/index.php5?module=Form&action=impact&campa
> > ign=in
> > tro_sfw
> > to learn more.
> > ----------------------------------------------------------------------
> > --



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------