Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: IPS comparison

From: "Alexis Villagra - VILSOL LatinAmerica" <alexis () vilsol com>
Date: Tue, 26 Jul 2005 03:54:59 -0500
check sonicwall IPS at www.sonicwall.com it argues to habe mor e than 1800
ips signatures more than any other

-----Mensaje original-----
De: Lyal Collins [mailto:lyal.collins () key2it com au]
Enviado el: Martes, 26 de Julio de 2005 02:11 a.m.
Para: mleroux () lincsat com; 'Leif Sawyer'; pen-test () securityfocus com
Asunto: RE: IPS comparison


I'd also suggest get trial boxes/software from the vendor(s) on your short
list, and do a comparison In Your Environment.

Everyone's mileage varies with these products so far - useability.
Configurability, rule/policy creation, false alerts.

Or install Snort with felxresp or inline, and assess what you really need
from an IPS before you buy one.

To be controversial, here's a parting thought for the community:
Since your web/application servers are always your "IPS of last resort"
(i.e. eventually, packets always get to your apps), are IPS products in the
essential category, nice to have category, or a "status" product?
(I actually think they are better for reporting and alerting than the label
IPS suggests)

Lyal



-----Original Message-----
From: Martin [mailto:mleroux () lincsat com]
Sent: Tuesday, 26 July 2005 9:02 AM
To: 'Leif Sawyer'; pen-test () securityfocus com
Subject: RE: IPS comparison


A Good start would be to have a look at http://www.nss.co.uk/ it features a
number of products and very well done.

Cheers

-----Original Message-----
From: Leif Sawyer [mailto:lsawyer () gci com]
Sent: Monday, July 25, 2005 4:34 PM
To: pen-test () securityfocus com
Subject: RE: IPS comparison


bw [bjshhsjb \@ yahoo.com]  wrote:

I have been tasked with comparing IPS appliances. I am seriously
looking at top layer's product line and tipping point. Does anyone
have a spreadsheet or know of any tool they would be willing to share
for comparing products. Im new to this so any help would be
appreciated


I almost wonder if it's of more importance to review the IDS
collection/analysis engines?

With so much data available, who has time to look at it all, without some
method of distilling it all down to useful data?

Protego (now Cisco MARS), Checkpoint Eventia, ...

are there any others?  There must be.  But with this being such a "new"
model, I haven't seen a lot of information comparing these types of products
yet.



__________ NOD32 1.1177 (20050725) Information __________

This message was checked by NOD32 antivirus system.
  part000.txt - is OK

http://www.eset.com


__________ NOD32 EMON 1.1177 (20050725) information __________

The email was checked by the NOD32 antivirus system:
email from: lyal.collins () key2it com au to: mleroux () lincsat com; 'Leif
Sawyer'; pen-test () securityfocus com with subject RE: IPS comparison dated
07/26/2005 2:44  - is OK

http://www.eset.com


__________ NOD32 EMON 1.1177 (20050725) information __________

The email was checked by the NOD32 antivirus system:
email with subject RE: IPS comparison dated 07/26/2005 3:54  - is OK

http://www.eset.com
Previous By Date Next
Previous By Thread Next

Current thread: