Re: IPS - Tipping Point vs. ISS?

["Consolvo, Corbett" <ConsolvoC () COFC EDU>]

Well, I guess this may not help if you've already narrowed it down, but
we're also in the process of evaluating IPSs.  We're looking at Reflex,
Nitro, ISS, and I think one or two others.  We're down to Reflex and
Nitro.  I'd be happy to share any info if you'd like.  Also, if anyone
else has any input on the other vendors, that'd be great!

 

Thanks,

Corbett Consolvo

CISO

College of Charleston

 

________________________________

From: Dave Koontz [mailto:dkoontz () MBC EDU] 
Sent: Friday, July 07, 2006 1:10 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IPS - Tipping Point vs. ISS?

 

All, after evaluating several IPS products, we have narrowed our
selection down to two products, Tipping Point and IIS Proventia along
with their Host Agents.   I've been searching for product & service
comparisons between the companies and technologies, but frankly
everything mostly deals with older models and past problems that have
long been resolved.

 

Reviews of these products are also mostly identical.   Both seem to have
solid rulesets with the most vicious exploit rules enabled by default.
Seems that the biggest separator is the ISS Proventia Server Agent
integration (basically BlackIce) which can do file system baseline /
variance reporting, monitor encrypted traffic to the host, and provides
basic auditing of things like the event log, and has agents for both
windows  and *Nix.

 

If anyone has recently done a comparison of these products at both the
network edge and in the core, I'd appreciate any feedback and why you
choose one product over the other.

 

Thanks in advance!

 

 

---

Dave Koontz

Associate Director CIS

Mary Baldwin College

Staunton VA 24401