IDS mailing list archives

RE: Juniper and ISS Protocol Anomaly Detection Evaluation

From: "Steven Williams" <Steven.Williams () computershare com au>
Date: Tue, 16 May 2006 08:52:54 +1000

Guys,

Have a look at Extreme Networks Sentriant. More designed for internal
protection than perimeter, this offers true Day Zero mitigation instead
on relying on signatures or patterns, and also looks at layer 2 traffic
as well.

Steve 

-----Original Message-----
From: Reynolds, Wayne [mailto:Wayne_Reynolds () condenast com] 
Sent: Tuesday, 16 May 2006 2:01 AM
To: Mike Youngs
Cc: focus-ids () lists securityfocus com
Subject: RE: Juniper and ISS Protocol Anomaly Detection Evaluation

Mike,

We have already compared these two solutions in depth and ended up
choosing Juniper.

We already use NetScreens as our firewall solution and Juniper will be
offering an IDP module for the NetScreens very shortly which will
incorporate the IDP management within their pre-existing NSM console
package.

Personally, I found ISS' management console much more intuitive, but I
felt that their tech support was severely lacking.  Their support team
just never seemed interested in giving us any help.

-Wayne

________________________________________
Wayne D Reynolds
Network Engineering and Security
Conde Nast Publications
mailto:wayne_reynolds () condenast com

  

-----Original Message-----
From: Mike Youngs [mailto:myoungs () glenergy com]
Sent: Friday, May 12, 2006 8:06 AM
To: focus-ids () lists securityfocus com
Subject: Juniper and ISS Protocol Anomaly Detection Evaluation

Hello Everyone,
 
I am doing a network based intrusion detection and prevention system
evaluation, and have come across something I would like this groups
collective experience to give an opinion on.
 
For various reasons, we have settled on making a selection between the
Juniper IDP 600C and the ISS Proventia GX5008.  During our evaluation,
we have found that Juniper and ISS offer their protocol anomaly
detection means in much different ways.  What I would like to hear from
this group is your experience and insight with either product's protocol
anomaly detection.
If
someone has insight and/or experience with both products, that will be
that much better.  I hope to find out if each vendor's protocol anomaly
detection features are essentially the same thing, or if one is superior
over the other and why, so I can make a more informed decision on this
feature.
 
Another way to say it is, does "protocol anomaly detection" mean the
same thing to both vendors?  It appears that "attack pattern" means
something different to each vendor.  One considers in the actual string
or pattern to look for in a packet, and the other considers is it
multiple events when viewed as a whole could mean an attack on a system.
 
Any insight would be appreciated!  Thanks in advance,
 
Mike Youngs
Network Manager
Great Lakes Energy

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708

to learn more.
------------------------------------------------------------------------




------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------


---
This email and any files transmitted with it are solely intended for the use of the addressee(s) and may contain 
information that is confidential and privileged.  If you receive this email in error, please advise us by return email 
immediately.  Please also disregard the contents of the email, delete it and destroy any copies immediately.
Computershare Limited and its subsidiaries do not accept liability for the views expressed in the email or for the 
consequences of any computer viruses that may be transmitted with this email.
This email is also subject to copyright.  No part of it should be reproduced, adapted or transmitted without the 
written consent of the copyright owner.


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------

Current thread:

Juniper and ISS Protocol Anomaly Detection Evaluation Mike Youngs (May 15)
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Chris Hummel (May 16)
  - Ha: RE: Juniper and ISS Protocol Anomaly Detection Evaluation Dmitry V Ushakov (May 17)
    - RE: RE: Juniper and ISS Protocol Anomaly Detection Evaluation Security Focus (May 18)
- <Possible follow-ups>
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Reynolds, Wayne (May 15)
  - RE: Juniper and ISS Protocol Anomaly Detection Evaluation Compton, Rich (May 16)
- RE: Juniper and ISS Protocol Anomaly Detection Evaluation Steven Williams (May 16)
  - Re: Juniper and ISS Protocol Anomaly Detection Evaluation Stefano Zanero (May 18)
    - RE: Juniper and ISS Protocol Anomaly Detection Evaluation Biswas, Proneet (May 19)
  - Re: Juniper and ISS Protocol Anomaly Detection Evaluation Eric Hanselman (May 18)
    - RE: Juniper and ISS Protocol Anomaly Detection Evaluation Biswas, Proneet (May 19)