IDS mailing list archives

IPS comparison


From: Rubayat.Zahir () csfb com
Date: 1 Sep 2005 18:40:21 -0000

IPS/IDS can claim all they want on Zero Day exploits. I can assure you it's a player's luck. I had clients during my Big 
X career who were saved by ISS on SQL Slammer, and hit hard on Nimda and Code Red. It's really a player's luck. All 
IDS/IPS require full customization to your environment (i.e. Applications, Code, Platforms etc.). Second of all, based 
on the patterns I have seen, it is truly a variance among vendors (ISS, Enterasys, Cisco, Snort, etc.). Lastly, the 
best of all IDSs are ones that have the capability to perform attack correlations.

Some IPSs are software (e.g. those from Computer Associates, McAfee, Snort) that you run on your own servers (which may 
be Windows and/or Linux-based), while others are dedicated appliances (including SonicWALL, McAfee, Juniper and Cisco). 
Your company may have a policy that limits you to one type or the other. 

To be frank, in many cases IDS and IPS are the same piece of kit that’s just been re-categorised by the vendors - 
protection seems an awful lot more marketable than just detection (especially if a detection system just writes an 
alert to a log file that you only get a chance to look at once a week).
