RE: NIPS Vendors explicit answer

[Melih Kırkgöz (Koç.net) <melihk () koc net>]

Hello Everyone,

İ am responsible for testing and offering an IPS solution for big networks with high rated throughputs for my 
company(an ISP) and our customers.
As i read these mails flowing around,i said "yes this is the right place to share my opinions".
İ would rather ask a question outside the theory about IDS-IPS comparision.Right now i am more interested in product 
comparision becaues of my urgent duty

İ had the chance to test Radware Defense Pro only as ab inline - IPS product.
İt seems to be very fast responsive and successfull blocker against DDOS attacks,Synfloods and typical worms and 
detecting Protocol Anomalies.
The other vendors waiting for my tests:) are Netscreen IDP,RealSecure ISS Proventia G200 and Network Associates NAI 
Intruvert 2600 series.
Does any of you know about these products,especially in a competitive way between them?
İ would appreciate your answers

Regards

Melih Kırkgöz  
Network Security Services 
Koç.net Haberlesme Teknolojileri ve Iletisim Hizmetleri
Camlica Is Merkezi B3 Blok Uskudar 81190 
Istanbul -TURKEY 
email: melihk () koc net 
URL :http://www.koc.net 


-----Original Message-----
From: Rob Shein [mailto:shoten () starpower net] 
Sent: Tuesday, April 27, 2004 6:39 PM
To: 'Frank Knobbe'; 'Vikram Phatak'
Cc: focus-ids () securityfocus com
Subject: RE: NIPS Vendors explicit answer


I can answer this fairly easily.  Bruce Schneier, among other people, has been pointing out that the real measure of 
security is how gracefully it fails.  In many large environments (like where I am right now) there can be confusion as 
to who is responsible for which system; the system in question may go unpatched as a result.  When there's an IPS on 
top of everything, it makes a big difference, because now you have another layer of defense to protect it.  At some 
point, someone is bound to notice that the system isn't patched, but at least it won't be because of some 1337 d00d 
tearing it up. For a public-facing service this is an entire second layer of protection, where before there was only 
one.

I'd also think that any environment that could tackle the implementation of an IPS correctly would already have 
patching fairly well in hand.  And I doubt they'd stop patching at that point, anyways.

Oh, and I second the request for an IPS list.  Good idea, Frank!

> -----Original Message-----
> From: Frank Knobbe [mailto:frank () knobbe us]
> Sent: Monday, April 26, 2004 8:04 PM
> To: Vikram Phatak
> Cc: focus-ids () securityfocus com
> Subject: Re: NIPS Vendors explicit answer

<snip>

> True. It seems I was focusing on the detection part, not the 
> prevention part. A product that shields existing 
> vulnerabilities from a network does have merit.
>
> I think I just question why we need the product. It appears 
> that it would allows us to be more complacent with our 
> networks. Why patch the system when the IPS shields it? There 
> seem to be two sides to the IPS-shielding-the-network 
> approach. I can see where it is useful (especially when 
> running Microsoft products, the latest SSL issue being the 
> perfect example). But at the same time it is only a band-aid 
> until the hosts are patched. Shouldn't we focus our 
> preventative efforts on the hosts?
>
> (not dispelling IPS, but we should use it as a substitute for 
> securing systems).

<snip snip>


---------------------------------------------------------------------------

---------------------------------------------------------------------------

---------------------------------------------------------------------------

---------------------------------------------------------------------------