Cisco IPS and Cisco MARS are two separate products, MARS is more of a
complement and correlation engine for IPS. IPS 5.0 is a much improved
improvement on 4.1. That being said, I really doesn't do much more than what
you could get a snort box to do. The only advantage we have is that we have
the IPS modules on the 6509. If I where picking it out today I would more
than likely take a good look at sourcefire. After all it's the guys that
wrote snort. I've also heard good things about the Symantec IPS, It's not
signature based, it's based off the RFC's. But I would think the false
positive rates would be high but there not.
-----Original Message-----
From: Martin [mailto:mleroux@lincsat.com]
Sent: Monday, July 25, 2005 4:02 PM
To: 'Leif Sawyer'; pen-test@securityfocus.com
Subject: RE: IPS comparison
A Good start would be to have a look at http://www.nss.co.uk/ it features a
number of products and very well done.
Cheers
-----Original Message-----
From: Leif Sawyer [mailto:lsawyer@gci.com]
Sent: Monday, July 25, 2005 4:34 PM
To: pen-test@securityfocus.com
Subject: RE: IPS comparison
bw [bjshhsjb \@ yahoo.com] wrote:
I have been tasked with comparing IPS appliances. I am
seriously looking at top layer's product line and tipping
point. Does anyone have a spreadsheet or know of any tool
they would be willing to share for comparing products. Im new
to this so any help would be appreciated
I almost wonder if it's of more importance to review the IDS
collection/analysis engines?
With so much data available, who has time to look at it all, without some
method of distilling it all down to useful data?
Protego (now Cisco MARS), Checkpoint Eventia, ...
are there any others? There must be. But with this being such a "new"
model, I haven't seen a lot of information comparing these types of products
yet.
