Re: IPS Reliability/Availability

[Martin Roesch <roesch () sourcefire com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So Andrew, are you saying that most of our customers routinely  
experience 75% hardware failure rates and we're somehow managing to  
cover this up or do you think this was an isolated incident?  Can you  
imagine the cost to us in in terms of overhead for our customers with  
100+ sensors if that were a true indication of the reliability of our  
gear?

BTW, our IPS appliances offer zero power fail-open NICs as well.

    -Marty

On Feb 6, 2006, at 11:04 AM, Andrew Plato wrote:

> Most of these devices are pretty good for reliability. The only
> exception I would make is SourceFire, which back when we sold it had
> abysmal reliability (3 out of 4 boxes we sold to a customer show up  
> dead
> or died soon after installation).
>
> TippingPoint sells a zero-power bypass add-on for their IPS. If the  
> IPS
> fails in anyway, traffic is passed through the zero-power device. Its
> very easy to add. Juniper does something similar.
>
> -----------------------------------------------
> Andrew Plato, CISSP, CISM
> President/Principal Consultant
> Anitian Enterprise Security
>
> -----------------------------------------------
>
>
>
>
> -----Original Message-----
> From: geek_brigades () yahoo com [mailto:geek_brigades () yahoo com]
> Sent: Thursday, February 02, 2006 8:27 AM
> To: focus-ids () securityfocus com
> Subject: IPS Reliability/Availability
>
> I am working on a big IPS project and I am very concerned about
> installing an inline device in a core enterprise network, where these
> devices have the potential to create big time network outages.
>
> Can you, please, share your possible bad experiences about the
> reliability of the following inline IPS products:
>
> ISS
> TippingPoint
> Juniper IPS
> Sourcefire
> McAfee IntruShield
>
> Have you had any issues with the availability of these devices,  
> such as
> fail close crashes or do you have any experience with bypass switches
> that would mitigate the availability issue?
>
> Thanks,
> Mike
>
> ---------------------------------------------------------------------- 
> --
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it with real-world attacks from
> CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus- 
> ids_040708
> to learn more.
> ---------------------------------------------------------------------- 
> --
> _________________________________________________
> NOTICE:
> This email may contain confidential information,
> and is for the sole use of the intended recipient.
> If you are not the intended recipient, please reply
> to the message and inform the sender of the error
> and delete the email and any attachments from
> your computer.
> _________________________________________________
>
> ---------------------------------------------------------------------- 
> --
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus- 
> ids_040708
> to learn more.
> ---------------------------------------------------------------------- 
> --

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFD9J6Qqj0FAQQ3KOARAiElAJ96YZCSRUWJzU8hQZ2zKIsslDH6RQCfV9K1
sLDLFCtnciiLmvCYHUbPgv8=
=+eOq
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
------------------------------------------------------------------------