IDS mailing list archives
RE: RE: Which is the most widely deployed commercial IPS
From: "Alan Shimel" <ashimel () stillsecure com>
Date: Thu, 27 Apr 2006 16:03:40 -0400
I think your mistake is you are confusing a consumer version, dumb downed IPS (host based, not network) with a commercial network IPS. Apples and Oranges. Look at the signature bases for example. alan StillSecure Alan Shimel Chief Strategy Officer O 303.381.3815 C 516.857.7409 F 303.381.3881 email ashimel () stillsecure com blog http://ashimmy.typepad.com www.stillsecure.com The information transmitted is intended only for the person to whom it is addressed and may contain confidential material. Review or other use of this information by persons other than the intended recipient is prohibited. If you've received this in error, please contact the sender and delete from any computer. -----Original Message----- From: thunking () hotmail com [mailto:thunking () hotmail com] Sent: Thursday, April 27, 2006 1:50 AM To: focus-ids () securityfocus com Subject: Re: RE: Which is the most widely deployed commercial IPS I should have clarified.. yes I was talking about network IPS. I wasn't so interested in marketshare as that doesn't necessarily mean a quality product at least in the network IPS space. What I was really interested in is which product is known to be deployed on the largest number of machines and therefore seeing the largest breadth of traffic. Since by the admission of the someof the vendors on this list, it is notpossible to test in the lab, I take that to mean that my best bet is to go with a company who;s products are deployed in blocking mode in the widest variety of machines around. Take an example.. recently as a pilot we handed out free copies of Norton Internet Security and Norton Antivirus to a subset of our students and monitored their experiences. Not a single FP except for an issue with Yahoo cross-site scripting, which turned out was not really an FP. Both these products now have Network based Intrusion Prevention, and whats nice is that all signatures ship in b locking mode. Now it occurs to me that of all the NIPS products out there, NIS and NAV might be the ones that see the largest breadth of traffic. By last count I believe some analysts estimate the number of customers to be around the 100 million mark. Thats a 100 million unique users actively running NIPS signature in blocking mode. To me that pretty convincing that if just a large deployment of blocking signatures rarely causes FPs (there are 1 or 2 every now and then), then the enterprise version Symantec Client Security that has the same signature set must be good as well. Are there other examples of products from other vendors with this kind of a deployment ? Where am I going with this...? My biggest concern for the deployment I am targeting is False Positives. I definitely want the signature to be in blocking-mode out of the box. I am seeing companies like ISS ship many signatures in non=blocking mode, which at least for me is useless. Whats the point having the customer try to figure out if a signature should be switched back to blocking on not. So a product like that definitely out of the running. Could do with some feedback from customers on here to help cut through the marketing and false claims. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Which is the most widely deployed commercial IPS thunking (Apr 18)
- <Possible follow-ups>
- RE: Which is the most widely deployed commercial IPS Andrew Plato (Apr 19)
- Re: RE: Which is the most widely deployed commercial IPS thunking (Apr 27)
- RE: RE: Which is the most widely deployed commercial IPS Alan Shimel (Apr 27)
- RE: RE: Which is the most widely deployed commercial IPS Andrew Plato (Apr 28)