Educause Security Discussion mailing list archives

IDS throughput norms


From: Gary Dobbins <dobbins () ND EDU>
Date: Mon, 25 Nov 2002 09:40:44 -0500

We're amidst selection of an IDS for a few high-volume segments of
campus, and are hearing some confusing claims by vendors.  (surprise!)

We'd like to informally survey those who are operating IDSs for what
you have found to be "nominal", "ceiling", and "overload" volumes of
detected events/second capacity for IDS systems.

One product has claimed, for example, that 4 detected events/second is
nominal (to handle and store to the forensics database) and that more
than that could place a too-heavy load on their unit.  Another claims
that ~30,000 events per second is no problem.  Clearly not comparing
apples to apples here.

We'd be happy to summarize back to the list if there's interest.

  ------------------------------------------------------------
  Gary Dobbins -- dobbins () nd edu
  Director, Information Security
  University of Notre Dame, Office of Information Technologies
  Voice: 574.631.5554
  ------------------------------------------------------------
