IDS mailing list archives
NSS (was Re: Intrusion Prevention)
From: Randy Taylor <gnu () charm net>
Date: Mon, 30 Dec 2002 09:39:08 -0500
At 07:29 PM 12/25/2002 +0000, Rick Williams wrote:
[snip]... I will be beginning evals of IntruVert soon, with NetScreen IDP to follow. For functionality ("speeds and feeds") criteria, I am relying heavily on OSEC, because the Neohapsis crew knows their stuff and nothing is hidden .... [snip]
I like the NeoHapsis guys too, but the OSEC stuff is very like the ICSA certification for firewalls, etc - you get your checklist and your "PASS/FAIL" mark - "Just Another Certification Scheme"
I guess I saw a lot more detail and quality in the OSEC criteria than you did. To each their own.
Whilst the OSEC results are always interesting and should not be ignored, anyone serious about deploying Gigabit IDS or Intrusion Prevention should definitely be reading the latest NSS Group report (www.nss.co.uk/gigabitids). The methodology looks every bit as thorough as the OSEC stuff (they complement each other in several areas) but they also go to the trouble of providing many pages per product of detailed subjective technical evaluations - features and benefits, scalability, ease of use, completeness of alert handling, reporting, forensics, etc, etc
OK, so you have to pay for the full report, but it's only $50 and if you can't get the budget for that then you are definitely NOT interested in deploying Gigabit IDS ;o)
Um, NSS got paid once to do their tests. I'm not ponying up additional monies for the privilege of reading their results. And for subjective issues, I'll ask the people that actually use the products in question, not NSS. In addition, because I have adequate background in this field, I'll also eval the subjective stuff myself and resolve things against my own conclusions and the user feedback I get.
I am hoping that both Netscreen and Sourcefire will be in the next edition and I have to say that Dragon was off our list of IDS for ANY speed of network some time ago due to its constant omission from these reports (you don't have to pay for the 100Mbit IDS reports, they are all on-line for free in full).
Enterasys or the Dragon crew can speak to why they don't submit their stuff to NSS if they have a mind. Or not. Or something. *shrug*
My 0.02
Rick
And mine as well.
Best regards,
Randy
-----
"I know what you're thinking, 'cause right now I'm thinking the same thing. Actually, I've been thinking it ever since I got here: Why oh why didn't I take the BLUE pill?"
-- Cypher - The Matrix --