Penetration Testing mailing list archives

RE: IPS comparison


From: "David L Rice" <drice39 () cox net>
Date: Mon, 25 Jul 2005 21:42:38 -0700

Cisco IPS and Cisco MARS are two separate products; MARS is more of a
complement and correlation engine for IPS. IPS 5.0 is a much improved
improvement on 4.1. That being said, it really doesn't do much more than what
you could get a Snort box to do. The only advantage we have is that we have
the IPS modules on the 6509. If I were picking it out today I would more
than likely take a good look at Sourcefire. After all, it's the guys that
wrote Snort. I've also heard good things about the Symantec IPS; it's not
signature based, it's based off the RFCs. But I would think the false
positive rates would be high, but they're not.

-----Original Message-----
From: Martin [mailto:mleroux () lincsat com] 
Sent: Monday, July 25, 2005 4:02 PM
To: 'Leif Sawyer'; pen-test () securityfocus com
Subject: RE: IPS comparison

A good start would be to have a look at http://www.nss.co.uk/; it features a
number of products and is very well done.

Cheers

-----Original Message-----
From: Leif Sawyer [mailto:lsawyer () gci com]
Sent: Monday, July 25, 2005 4:34 PM
To: pen-test () securityfocus com
Subject: RE: IPS comparison


bw [bjshhsjb @ yahoo.com] wrote:
I have been tasked with comparing IPS appliances. I am
seriously looking at Top Layer's product line and TippingPoint.
Does anyone have a spreadsheet or know of any tool
they would be willing to share for comparing products? I'm new
to this, so any help would be appreciated.

I almost wonder if it's of more importance to review the IDS
collection/analysis engines?

With so much data available, who has time to look at it all, without some
method of distilling it all down to useful data?

Protego (now Cisco MARS), Checkpoint Eventia, ...

Are there any others?  There must be.  But with this being such a "new"
model, I haven't seen a lot of information comparing these types of products
yet.

