Re: Network World IPS Review Invitation - calling all IPS vendors!

[Joel M Snyder <Joel.Snyder () Opus1 COM>]

I totally agree on the usability testing; that was our primary focus in 
the last IPS test.  In this test, we're going to push on performance 
because it hasn't really been done before (at least not competently at 
this speed), and that's a new and interesting angle.  However, a lot of 
what I'm contributing to this (David Newman is really the world's best 
performance tester) is going to be in the areas such as usability, 
although it will be second-place to the performance focus.

In terms of spike versus sustained, that's a good point.  Systems *do* 
behave very differently when they see a massive spike compared to a 
steady state.  I suspect that we have enough on our plate right now that 
adding that kind of testing would be infeasible, but it's an outstanding 
idea.

Best,

jms


Andrew Plato wrote:
> Joel,
>
> Just a suggestion...
>
> In your next round of tests, how about creating a situation where the
> traffic is similar to a real network. IPS tests tend to throw a massive
> ton of traffic at boxes that is sustained for hours or days. That is not
> how most networks operate. Most networks are a mix of lots of different
> protocols and have spikes and valleys in usage. Its rare to see a
> network with fully saturated lines. How an IPS responds to a sudden
> spike in traffic is more insightful then how it holds up to a 12 hour
> barrage of traffic. 
>
> I'd also like to see some usability testing. How do IPSs stack up in
> terms of their long-term usability? I think users want to know more than
> just raw performance specs. They want to know the realities of managing
> the equipment. Some equipment has great performance specs, but it causes
> brain cancer trying to use it every day. 
>
> Just some suggestions. 
>
>
> -----------------------------------------------
> Andrew Plato, CISSP, CISM
> President/Principal Consultant
> Anitian Enterprise Security
>
> -----------------------------------------------
>
>
>  
>
> -----Original Message-----
> From: Joel M Snyder [mailto:Joel.Snyder () Opus1 COM] 
> Sent: Thursday, February 02, 2006 12:54 PM
> To: focus-ids () securityfocus com
> Subject: Network World IPS Review Invitation - calling all IPS vendors!
>
> If you make an IPS, please ask your PR person to read:
>
> http://www.networktest.com/ips06/ips06invite.html
>
> It is an invitation to Network World's IPS performance test.
>
> jms
> --
> Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
> Phone: +1 520 324 0494 (voice)  +1 520 324 0495 (FAX)
> jms () Opus1 COM    http://www.opus1.com/jms    Opus One
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
> to learn more.
> ------------------------------------------------------------------------
> _____________________________________________
> NOTICE:
> This email may contain confidential information, 
> and is for the sole use of the intended recipient.  
> If you are not the intended recipient, please reply 
> to the message and inform the sender of the error 
> and delete the email and any attachments from 
> your computer. 
> _____________________________________________

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Phone: +1 520 324 0494 (voice)  +1 520 324 0495 (FAX)
jms () Opus1 COM    http://www.opus1.com/jms    Opus One

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------