IDS mailing list archives
RE: Best IPS system?
From: "Andrew Plato" <andrew.plato () anitian com>
Date: Thu, 8 May 2008 10:09:39 -0700
That's a SUPER-loaded question. There is no easy answer. And I guarantee you will get a wide array of answers and arguments. Questions like yours evoke intense emotional responses from some people. There is no one "best" solution. Each solution can be effective depending on the expertise of your staff, complexity of your network, etc.

For example, many people will howl that all you need is an open source solution. That may be a good fit, if you have the in-house expertise in open-source platforms and the time to manage and maintain it. If you don't, then a commercial appliance would be better.

Given your size, you might want to look toward a UTM (Unified Threat Management) type appliance. They offer multiple capabilities in one appliance. They typically will shine in one area and be mediocre in others. Remember, no solution is best. All of them have weaknesses.

That said, this is what I would recommend (I am sure it will deeply and profoundly offend some people, it always does):

For UTM:
- Fortinet
- WatchGuard
- Juniper SSG

For stand alone IPS:
- TippingPoint
- Juniper
- ISS

I do a lot of work with Fortinet and have found them to be a very good and robust all around UTM solution. A little easier to work with than Juniper and the Cisco ASA. The IPS in Fortinet is okay. The new MR6 code makes it a lot easier to work with the IPS. It is a very feature-rich platform with very good performance.

The Juniper SSGs are okay. Good overall, the IPS is a little lacking.

WatchGuard is a deeply messed up company, but they got some new owners and seem to be turning around. Their product is very easy to use.

Another thing to keep in mind is the "best in class" problem. In an ideal world, it is best to purchase the best solution in each class (best firewall, best IPS, best mail filter, etc.) The problem with that strategy is that it is very expensive to do that. This is why UTMs have benefits. They allow you to collapse multiple applications on to a single platform. There are, of course, drawbacks to that strategy.

Best suggestion - get demos of 2 or 3 solutions, pick the one you like and be happy. But remember that no matter what you pick, it will have weaknesses and there will always be somebody who tells you it was a bad choice.

Good luck.

___________________________________
Andrew Plato, CISSP, CISM
President/Principal Consultant
Anitian Enterprise Security
www.anitian.com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Shelly Beasley
Sent: Wednesday, May 07, 2008 3:01 PM
To: focus-ids () securityfocus com
Subject: Best IPS system?

Hello mailing list,

I would like to buy the "best" system available to the IPS network of my business. My company has only 200 users, all share an Internet connection (10 m). We now use Sonicwall to connect, but we are concerned about the hostile e-mails, malware websites, and people in piracy.

Who produces the best job? Which is most capture hacker attempts? The product should not interfere with operations on the network (all connection is filled by the backup off-site at nite).

Many thanks,
SB