I'd also suggest get trial boxes/software from the vendor(s) on your short
list, and do a comparison In Your Environment.
Everyone's mileage varies with these products so far - useability.
Configurability, rule/policy creation, false alerts.
Or install Snort with felxresp or inline, and assess what you really need
from an IPS before you buy one.
To be controversial, here's a parting thought for the community:
Since your web/application servers are always your "IPS of last resort"
(i.e. eventually, packets always get to your apps), are IPS products in the
essential category, nice to have category, or a "status" product?
(I actually think they are better for reporting and alerting than the label
IPS suggests)
Lyal
-----Original Message-----
From: Martin [mailto:mleroux@lincsat.com]
Sent: Tuesday, 26 July 2005 9:02 AM
To: 'Leif Sawyer'; pen-test@securityfocus.com
Subject: RE: IPS comparison
A Good start would be to have a look at http://www.nss.co.uk/ it features a
number of products and very well done.
Cheers
-----Original Message-----
From: Leif Sawyer [mailto:lsawyer@gci.com]
Sent: Monday, July 25, 2005 4:34 PM
To: pen-test@securityfocus.com
Subject: RE: IPS comparison
bw [bjshhsjb \@ yahoo.com] wrote:
I have been tasked with comparing IPS appliances. I am seriously
looking at top layer's product line and tipping point. Does anyone
have a spreadsheet or know of any tool they would be willing to share
for comparing products. Im new to this so any help would be
appreciated
I almost wonder if it's of more importance to review the IDS
collection/analysis engines?
With so much data available, who has time to look at it all, without some
method of distilling it all down to useful data?
Protego (now Cisco MARS), Checkpoint Eventia, ...
are there any others? There must be. But with this being such a "new"
model, I haven't seen a lot of information comparing these types of products
yet.
