RE: Radware DefensePro vs McAfee Intrushield vs TippingPoint UnityOne

[Julius Detritus <julius.detritus () ifrance com>]

Hi,

> Have anyone experience with these systems?
> What are the Pros & Cons?

We have tested Radware, McAfee and TippingPoint products in order to secure
our SOC. Our needs where mainly :
- Intrusion detection/prevention
- DoS/DDoS protection and Bandwidth management
- Scalability
- Performance

We tested the following systems : 
- Radware DefensePro / AS3 + Stringmatch engine
- McAfee IntruShield 4000
- TippingPoint UnityOne 2400

In terms of Intrusion Detection and Prevention those three products behave
quite the same : good signature base, very low false positive rate and
"acceptable" false negative rate.

For DoS and DDoS protection the Radware product appeared to be the best
solution based on :
- SYN Cookies for SYN Floods attacks
- signature + trfaic sampling based (stream anomaly analysis) for DDoS. 
What is more the Bandwidth Management feature is very powerfull (quite
normal as it is one of Radware original core business) and allows to isolate
attacks so that all your  links don't get flooded. 

Scalability really depends on your needs. We needed to secure 4 segments at
first. Only Radware and Tippingpoint products provided enough segment
protection in a single product. However Tippingpoint was limited to 4
segmentsn which wouldn't allow us to add new segments with the same box.
Radware supports 8 segments which would, at last make a lower cost/segment.

Last the DefensePro with AS3 and Stringmatch engine hardware gave better
results in terms of latency as well as stability (...), as far as we could
simulate up to 200 Mbps of trafic mixing legitimate trafic, real intrusion
attempts, SYN Flood, portscan and "strange" packets. Once again these
results are not surprising as Radware uses the same hardware platform (AS3)
than for other products of its core business + a specific hardware
(stringmatch) for signatures analysis.

My 0,02$

Julius



___[ Pub ]____________________________________________________________
Inscrivez-vous gratuitement sur Tandaime, Le site de rencontres !
http://rencontre.rencontres.com/index.php?origine=4


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------