The IPS test that David Newman and I did has just been published. It's
a (if you don't mind me saying so) amazingly good performance test, and
we also have some usability comments as well as completeness and
correctness. The story package itself is quite large, but the starting
point is at:
http://www.networkworld.com/reviews/2006/091106-ips-test.html
There's the big performance test with great graphs & tables, and:
- a video of the testing
- usability testing report on IPS consoles
- a discussion of how IPS devices fell down with part of our testing
(SNMP is just a bit too exotic of a protocol, evidentally, and Cisco is
just too exotic and unusual of a vendor)
- where we saw problems in the coverage of the IPSes
plus little "mini-reviews" of the 6 products participating.
You have to register to read on; my apologies, but if you want to just
pretend to be me (there is no password) then feel free.
When a review like this comes out, the first 20 or 30 feedbacks we
always get are "why didn't you include vendor <x>?" The answer in this
case for any vendor <x> of significance (Sourcefire, Juniper, Cisco,
ISS, the usual gang of tier 1 players) is "they didn't want to come
play." You can read whatever you want into that, but you'll see our
speculation on the issue in the discussion of coverage problems we saw.
jms
--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One Phone: +1 520 324 0494
jms@Opus1.COM http://www.opus1.com/jms
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------
