IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Help in evaluating Inline IDS/IPS solution

From: Ravi <ravivsn () roc co in>
Date: Thu, 05 Jun 2003 10:10:57 +0530
Hi,
My company plans to resell the Network Inline IDS/IPS solution to our customers and support customer. I was given task of evaluation of different solutions in the market. There are some questions asked by our customers and I would like to keep these in mind while 
     evaluating the IDS solutions.
Do IDS vendors really test the signature against the vulnerable applications, hardware platform of the application and version of application before releasing the signature? Do the IDS vendors claim this? If so, what is it I need to look for?
From sensor technology perspective, I find that all the vendors seems to be having similar capabilities. But, I am trying to see the continued support on new attacks 
     and vulnerabilities found.
One vendor claims that they have 5 dedicated analysts looking at the vulnerabilities and updating signatures (if needed). Another vendors claims that they have more than 20 analysts doing this job. Can this be considered in my eval? Is it that other 
     vendor exaggerating the number of resources they have for this job.

     Performance:
What is the best metric to look for? I feel HTTP1.0/1.1, SMTP, IMAP, NNTP, TELNET, POP3 connection rate and UDP throughput for different sizes is good 
      metric. Is there anything should I look for?
Are there any labs, which provide testing facilities for testing IDS/IPS with latest vulnerabilities and with real vulnerable applications? I am really looking for lab which provides facilities and allows us to test the IDS/IPS solution on regular basis. 

     Thanks
      Ravi






--


The views presented in this mail are completely mine. The company is not
responsible for whatsoever.
------------------------------------------------------------------------
Ravi Kumar CH
Rendezvous On Chip (i) Pvt Ltd
Hyderabad, India
Ph: +91-40-2335 1214 / 1175 / 1184

ROC home page <http://www.roc.co.in>




-------------------------------------------------------------------------------
INTRUSION PREVENTION: READY FOR PRIME TIME?
IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities - including intrusion identification, relevancy, direction, impact and analysis - enabling a path to prevention.
Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at: http://www.securityfocus.com/IntruVert-focus-ids2 
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: