Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Radware DefensePro vs McAfee Intrushield vs TippingPoint UnityOne

from [Julius Detritus] Network Security [Permanent Link]
Subject: RE: Radware DefensePro vs McAfee Intrushield vs TippingPoint UnityOne
Date: Wed, 29 Sep 2004 06:55:54 +0200 
Hi,


Have anyone experience with these systems?
What are the Pros & Cons?


We have tested Radware, McAfee and TippingPoint products in order to secure
our SOC. Our needs where mainly :
- Intrusion detection/prevention
- DoS/DDoS protection and Bandwidth management
- Scalability
- Performance

We tested the following systems : 
- Radware DefensePro / AS3 + Stringmatch engine
- McAfee IntruShield 4000
- TippingPoint UnityOne 2400

In terms of Intrusion Detection and Prevention those three products behave
quite the same : good signature base, very low false positive rate and
"acceptable" false negative rate.

For DoS and DDoS protection the Radware product appeared to be the best
solution based on :
- SYN Cookies for SYN Floods attacks
- signature + trfaic sampling based (stream anomaly analysis) for DDoS. 
What is more the Bandwidth Management feature is very powerfull (quite
normal as it is one of Radware original core business) and allows to isolate
attacks so that all your  links don't get flooded. 

Scalability really depends on your needs. We needed to secure 4 segments at
first. Only Radware and Tippingpoint products provided enough segment
protection in a single product. However Tippingpoint was limited to 4
segmentsn which wouldn't allow us to add new segments with the same box.
Radware supports 8 segments which would, at last make a lower cost/segment.

Last the DefensePro with AS3 and Stringmatch engine hardware gave better
results in terms of latency as well as stability (...), as far as we could
simulate up to 200 Mbps of trafic mixing legitimate trafic, real intrusion
attempts, SYN Flood, portscan and "strange" packets. Once again these
results are not surprising as Radware uses the same hardware platform (AS3)
than for other products of its core business + a specific hardware
(stringmatch) for signatures analysis.

My 0,02$

Julius



___[ Pub ]____________________________________________________________
Inscrivez-vous gratuitement sur Tandaime, Le site de rencontres !
http://rencontre.rencontres.com/index.php?origine=4


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE 
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Snort, Graeme Connell
Previous by Thread:  Radware DefensePro vs McAfee Intrushield vs TippingPoint UnityOne, Jochen Vogel
Indexes:  [Date] [Thread] [Top] [All Lists]