Marty with all due respect, I would like to see the 3rd party results with
real world traffic to prove the bandwidth claims in full IPS mode
alan
StillSecure
Alan Shimel
Chief Strategy Officer
O 303.381.3815
C 516.857.7409
F 303.381.3881
email ashimel@stillsecure.com
blog http://ashimmy.typepad.com
www.stillsecure.com
The information transmitted is intended only for the person
to whom it is addressed and may contain confidential material.
Review or other use of this information by persons other than
the intended recipient is prohibited. If you've received
this in error, please contact the sender and delete
from any computer.
-----Original Message-----
From: Martin Roesch [mailto:roesch@sourcefire.com]
Sent: Sunday, February 19, 2006 11:29 PM
To: ashimel@stillsecure.com
Cc: 'David Williams'; geek_brigades@yahoo.com; focus-ids@securityfocus.com;
'Rajat Bhargava'
Subject: Re: IPS Reliability/Availability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Feb 19, 2006, at 7:40 PM, Alan Shimel wrote:
Marty
Correct me if I am wrong, but that is on the bivio box correct?
Yes, we're OEM'ing the Bivio chassis.
Interestingly our tests on this platform were well below the
advertised
rates. Are you planning any 3rd party testing of it?
I'm not sure what performance numbers you're referring to but I won't
speculate. Much like Snort, you can't just take a stock build and
put it on a system and expect it to achieve maximum performance, we
have significant engineering resources available and a close
relationship with the manufacturer to get our application performance
where we want it to be. We've managed to achieve the maximum
performance available with the chassis as it's configured today
subject to max bandwidth available with the backplane architecture.
There is an update that will be available RSN that will increase the
throughput of the backplane as well as adding some other performance
features to the chassis. For existing customers it'll be a firmware
upgrade (back to the investment protection thing) and I think
everyone who has one will like the results.
As for 3rd party testing, we typically participate in those sorts of
tests but its subject to the Sourcefire marketing team's bandwidth
and our production schedule. We also have an extensive multi-gigabit
testing environment in our labs and have tested the chassis
extensively, from what I understand many of our customers and
prospects consider our performance claims across our product lines to
be rather conservative but you can take that with the appropriate
amount of salt.
-Marty
- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
iD8DBQFD+UWcqj0FAQQ3KOARAqURAJsE/1/fBmE/ZSvLWnydvvRigYtgNQCfU8Iq
+lpXCbh2H0eTGliGLAa2PGA=
=rrKo
-----END PGP SIGNATURE-----
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
