Penetration Testing mailing list archives
RE: IPS comparison
From: "David L Rice" <drice39 () cox net>
Date: Mon, 25 Jul 2005 21:42:38 -0700
Cisco IPS and Cisco MARS are two separate products, MARS is more of a complement and correlation engine for IPS. IPS 5.0 is a much improved improvement on 4.1. That being said, I really doesn't do much more than what you could get a snort box to do. The only advantage we have is that we have the IPS modules on the 6509. If I where picking it out today I would more than likely take a good look at sourcefire. After all it's the guys that wrote snort. I've also heard good things about the Symantec IPS, It's not signature based, it's based off the RFC's. But I would think the false positive rates would be high but there not. -----Original Message----- From: Martin [mailto:mleroux () lincsat com] Sent: Monday, July 25, 2005 4:02 PM To: 'Leif Sawyer'; pen-test () securityfocus com Subject: RE: IPS comparison A Good start would be to have a look at http://www.nss.co.uk/ it features a number of products and very well done. Cheers -----Original Message----- From: Leif Sawyer [mailto:lsawyer () gci com] Sent: Monday, July 25, 2005 4:34 PM To: pen-test () securityfocus com Subject: RE: IPS comparison bw [bjshhsjb \@ yahoo.com] wrote:
I have been tasked with comparing IPS appliances. I am seriously looking at top layer's product line and tipping point. Does anyone have a spreadsheet or know of any tool they would be willing to share for comparing products. Im new to this so any help would be appreciated
I almost wonder if it's of more importance to review the IDS collection/analysis engines? With so much data available, who has time to look at it all, without some method of distilling it all down to useful data? Protego (now Cisco MARS), Checkpoint Eventia, ... are there any others? There must be. But with this being such a "new" model, I haven't seen a lot of information comparing these types of products yet.
Current thread:
- IPS comparison bw (Jul 25)
- Re: IPS comparison DokFLeed (Jul 26)
- RES: IPS comparison Charbel Chalala Issa (Jul 26)
- Re: IPS comparison David Eduardo Acosta RodrÃguez (Jul 26)
- <Possible follow-ups>
- RE: IPS comparison Williams, Cameron (Jul 25)
- Re: IPS comparison Micheal Cottingham (Jul 25)
- RE: IPS comparison Leif Sawyer (Jul 25)
- RE: IPS comparison Martin (Jul 25)
- RE: IPS comparison David L Rice (Jul 25)
- RE: IPS comparison Lyal Collins (Jul 26)
- RE: IPS comparison Alexis Villagra - VILSOL LatinAmerica (Jul 26)
- RE: IPS comparison Martin (Jul 25)
- RE: IPS comparison Security Focus (Jul 26)
- RE: IPS comparison Dane Warren (Jul 25)
- IPS Comparison Darwin (Jul 25)
- RE: IPS Comparison Security Focus (Jul 26)
- RE: IPS comparison Singh, Yashpal (Jul 25)
- RE: IPS comparison Jeffrey Leggett (Jul 26)
- Re: IPS comparison Chuck (Jul 27)
- RE: IPS comparison Soszynski, Chris (Jul 27)