New IPS test in Network World

[Joel M Snyder <Joel.Snyder () Opus1 COM>]

The IPS test that David Newman and I did has just been published.  It's 
a (if you don't mind me saying so) amazingly good performance test, and 
we also have some usability comments as well as completeness and 
correctness.  The story package itself is quite large, but the starting 
point is at:

http://www.networkworld.com/reviews/2006/091106-ips-test.html

There's the big performance test with great graphs & tables, and:
        - a video of the testing
        - usability testing report on IPS consoles
	- a discussion of how IPS devices fell down with part of our testing 
(SNMP is just a bit too exotic of a protocol, evidentally, and Cisco is 
just too exotic and unusual of a vendor)
        - where we saw problems in the coverage of the IPSes
plus little "mini-reviews" of the 6 products participating.

You have to register to read on; my apologies, but if you want to just 
pretend to be me (there is no password) then feel free.

When a review like this comes out, the first 20 or 30 feedbacks we 
always get are "why didn't you include vendor <x>?"  The answer in this 
case for any vendor <x> of significance (Sourcefire, Juniper, Cisco, 
ISS, the usual gang of tier 1 players) is "they didn't want to come 
play."  You can read whatever you want into that, but you'll see our 
speculation on the issue in the discussion of coverage problems we saw.

jms

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One       Phone: +1 520 324 0494
jms () Opus1 COM                http://www.opus1.com/jms

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it 
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw 
to learn more.
------------------------------------------------------------------------