IDS mailing list archives
RE: Juniper and ISS Protocol Anomaly Detection Evaluation
From: "Steven Williams" <Steven.Williams () computershare com au>
Date: Tue, 16 May 2006 08:52:54 +1000
Guys, Have a look at Extreme Networks Sentriant. More designed for internal protection than perimeter, this offers true Day Zero mitigation instead on relying on signatures or patterns, and also looks at layer 2 traffic as well. Steve -----Original Message----- From: Reynolds, Wayne [mailto:Wayne_Reynolds () condenast com] Sent: Tuesday, 16 May 2006 2:01 AM To: Mike Youngs Cc: focus-ids () lists securityfocus com Subject: RE: Juniper and ISS Protocol Anomaly Detection Evaluation Mike, We have already compared these two solutions in depth and ended up choosing Juniper. We already use NetScreens as our firewall solution and Juniper will be offering an IDP module for the NetScreens very shortly which will incorporate the IDP management within their pre-existing NSM console package. Personally, I found ISS' management console much more intuitive, but I felt that their tech support was severely lacking. Their support team just never seemed interested in giving us any help. -Wayne ________________________________________ Wayne D Reynolds Network Engineering and Security Conde Nast Publications mailto:wayne_reynolds () condenast com -----Original Message----- From: Mike Youngs [mailto:myoungs () glenergy com] Sent: Friday, May 12, 2006 8:06 AM To: focus-ids () lists securityfocus com Subject: Juniper and ISS Protocol Anomaly Detection Evaluation Hello Everyone, I am doing a network based intrusion detection and prevention system evaluation, and have come across something I would like this groups collective experience to give an opinion on. For various reasons, we have settled on making a selection between the Juniper IDP 600C and the ISS Proventia GX5008. During our evaluation, we have found that Juniper and ISS offer their protocol anomaly detection means in much different ways. What I would like to hear from this group is your experience and insight with either product's protocol anomaly detection. If someone has insight and/or experience with both products, that will be that much better. I hope to find out if each vendor's protocol anomaly detection features are essentially the same thing, or if one is superior over the other and why, so I can make a more informed decision on this feature. Another way to say it is, does "protocol anomaly detection" mean the same thing to both vendors? It appears that "attack pattern" means something different to each vendor. One considers in the actual string or pattern to look for in a packet, and the other considers is it multiple events when viewed as a whole could mean an attack on a system. Any insight would be appreciated! Thanks in advance, Mike Youngs Network Manager Great Lakes Energy ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ --- This email and any files transmitted with it are solely intended for the use of the addressee(s) and may contain information that is confidential and privileged. If you receive this email in error, please advise us by return email immediately. Please also disregard the contents of the email, delete it and destroy any copies immediately. Computershare Limited and its subsidiaries do not accept liability for the views expressed in the email or for the consequences of any computer viruses that may be transmitted with this email. This email is also subject to copyright. No part of it should be reproduced, adapted or transmitted without the written consent of the copyright owner. ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Juniper and ISS Protocol Anomaly Detection Evaluation Mike Youngs (May 15)
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Chris Hummel (May 16)
- Ha: RE: Juniper and ISS Protocol Anomaly Detection Evaluation Dmitry V Ushakov (May 17)
- RE: RE: Juniper and ISS Protocol Anomaly Detection Evaluation Security Focus (May 18)
- Ha: RE: Juniper and ISS Protocol Anomaly Detection Evaluation Dmitry V Ushakov (May 17)
- <Possible follow-ups>
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Reynolds, Wayne (May 15)
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Compton, Rich (May 16)
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Steven Williams (May 16)
- Re: Juniper and ISS Protocol Anomaly Detection Evaluation Stefano Zanero (May 18)
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Biswas, Proneet (May 19)
- Re: Juniper and ISS Protocol Anomaly Detection Evaluation Eric Hanselman (May 18)
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Biswas, Proneet (May 19)
- Re: Juniper and ISS Protocol Anomaly Detection Evaluation Stefano Zanero (May 18)
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Chris Hummel (May 16)