
Network Security Focus-IDS

Re: RE: Which is the most widely deployed commercial IPS

Subject: Re: RE: Which is the most widely deployed commercial IPS
Date: 27 Apr 2006 05:49:43 -0000
I should have clarified.. yes I was talking about network IPS. I wasn't so 
interested in marketshare as that doesn't necessarily mean a quality product at 
least in the network IPS space. What I was really interested in is which 
product is known to be deployed on the largest number of machines and therefore 
seeing the largest breadth of traffic. Since by the admission of some of the 
vendors on this list, it is not possible to test in the lab, I take that to mean 
that my best bet is to go with a company whose products are deployed in 
blocking mode in the widest variety of machines around. Take an example.. 
recently as a pilot we handed out free copies of Norton Internet Security and 
Norton Antivirus to a subset of our students and monitored their experiences. 
Not a single FP except for an issue with Yahoo cross-site scripting, which 
turned out was not really an FP. Both these products now have Network based 
Intrusion Prevention, and what's nice is that all signatures ship in 
blocking mode. Now it occurs to me that of all the NIPS products out there, NIS 
and NAV might be the ones that see the largest breadth of traffic. By last 
count I believe some analysts estimate the number of customers to be around the 
100 million mark. That's 100 million unique users actively running NIPS 
signatures in blocking mode. To me that's pretty convincing that if just a large 
deployment of blocking signatures rarely causes FPs (there are 1 or 2 every now 
and then), then the enterprise version Symantec Client Security that has the 
same signature set must be good as well. Are there other examples of products 
from other vendors with this kind of a deployment?

Where am I going with this...? My biggest concern for the deployment I am 
targeting is False Positives. I definitely want the signatures to be in 
blocking-mode out of the box. I am seeing companies like ISS ship many 
signatures in non-blocking mode, which at least for me is useless. What's the 
point having the customer try to figure out if a signature should be switched 
back to blocking or not. So a product like that is definitely out of the running. 

Could do with some feedback from customers on here to help cut through the 
marketing and false claims.
