Educause Security Discussion mailing list archives
IDS throughput norms
From: Gary Dobbins <dobbins () ND EDU>
Date: Mon, 25 Nov 2002 09:40:44 -0500
We're amidst selection of an IDS for a few high-volume segments of campus, and are hearing some confusing claims by vendors. (surprise!)

We'd like to informally survey those who are operating IDS' for what you have found to be "nominal", "ceiling", and "overload" volumes of detected events/second capacity for IDS systems.

One product has claimed, for example, that 4 detected events/second is nominal (to handle and store to the forensics database) and that more than that could place a too-heavy load on their unit. Another claims that ~30,000 events per second is no problem. Clearly not comparing apples to apples here.

We'd be happy to summarize back to the list if there's interest.

------------------------------------------------------------
Gary Dobbins -- dobbins () nd edu
Director, Information Security
University of Notre Dame, Office of Information Technologies
Voice: 574.631.5554
------------------------------------------------------------

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.