Intrusion Prevention requirements document

[vendortrebuchet () comcast net]

All,

I work on a team that manages signature and behavioral based intrusion detection systems today.  We have been tasked 
with reviewing IPS (or whatever vendor name acronym you prefer) in '06.  Our normal process is to put together a base 
requirements document to weed out vendors in the first round through a paper excercise and then bring in the best we 
can identify.  My question is, has anyone developed a matrix that identifies key qualifiers in an IPS solution (e.g. 
in-line, fails open/closed, reporting features, etc.).  If so, could you provide links or the documents?

If not, what categories are most significant to consider in your expert opinions?  What reasons did you choose the 
solution you have?  What would you consider if you had to choose over again, etc?

Thanks in advance for your responses.

VT

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------