Re: Proventia G400

[FinAckSyn <finacksyn () yahoo co uk>]

Hi Valter,

We are currently evaluating IPS vendors in order to
make an informed choice about which is going to be
best for our customers (we are a security
consultancy/reseller).

Unfortunately, ISS Proventia was one of the first to
drop off the list.  It's one of those that fell into
our category of inline-IDS.  Heavily signature
reliant, PC-based, doesn't run standalone (needs
external management), plus the requirement of an
external unit to enable resiliency in case of
Proventia hw/sw failure made the overall solution
quite bulky.  Even more so for a single-box
deployment.

Throughput of 400Mpbs seemed reasonable, but if you're
going to include Gb ports on a device, in our opinion,
that device should be able to handle a full Gb.  It
didn't handle 400Mbps of small packets very well,
either, so you would need a separate DDOS device (ISS
don't supply these) if true enterprise perimeter or
hosting protection is required.

SiteProtector software is excellent - one of the best.
 But you need to see through this and work out whether
or not the device offers the protection you need,
rather than choose a product based on appearance.  The
reports are also pretty nifty too.
If we had to choose a product based on policy
management and reporting, ISS would come pretty close
to the top of the list.

Digging deeper, we also looked for independent test
results.  We referred to www.nss.co.uk, whom offer the
most thorough tests on the market.  No sign of ISS,
except in the old IPS Edition 1 test (non-current).  

We did hear on the grapevine that ISS (and Check
Point, for that matter), both submitted their products
for Edition 2 and 3 testing, but nothing came out of
the other end.  We can only assume that they declined
to have their results published.

Our thoughts?  It's not really a true IPS.  Next.

Regards,

Matt


--- Valter Santos <vsantola () sectoid com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi there,
>
> anyone out there is using ISS Proventia G400 series,
> and is willing to
> share some thoughts ?
>
> thanx
> /valter
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFDXLlgR7pJvOKksgYRApuSAJ0XEwPrGGTmj73XPsUzA8/Yjv3PkACg0SJG
> gpFJyahq23YI88HmK/29xFQ=
> =tb4B
> -----END PGP SIGNATURE-----
------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it 
> with real-world attacks from CORE IMPACT.
> Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
------------------------------------------------------------------------
>



                
___________________________________________________________ 
To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. 
http://uk.security.yahoo.com

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------