This thread is better placed on the IDS list. However,
I would recommend avoiding making product selection decisions based on
publications that run advertising from the vendors being reviewed. Instead
use them to identify possible showstoppers and then run the finalists
through a beauty contest.
Nss.co.uk are a more independent source of information, but even then the
vendors pay for the tests (correct me if I'm wrong) and if the vendor can't
afford or their product hasn't changed a great deal since the last NSS
review, they may not be there.
Each product differs in functionality and capability as your network will
differ from anyone else's. Moreover, so does your ability to monitor/manage
said products. Marrying the ideal product to your network and ability can
be best achieved on the ground. Consider all the reviews and shouts that
product A or B is best, then try a few of those that seem the prettiest and
most suited to your environment. You may be surprised about how unsuitable
some of the market leading products are.
Finally don't forget that certain unscrupulous vendors may shout that their
product is best by human proxy or from anonymous addresses. (surely not!)
Regards
Andy Cuff
Chief Technology Officer
Computer Network Defence Ltd
http://www.securitywizardry.com
07010 709014
-----Original Message-----
From: Todd Towles [mailto:toddtowles@brookshires.com]
Sent: 20 December 2005 21:55
To: Josh Perrymon; krishy_k@hotmail.com; pen-test@securityfocus.com
Subject: RE: IPS Comparison
I have talked to clients and they did not like the RadWare
box. They say the management interface is unusable and the
box isn't stable.
I have played with the ISS and Cisco products and have been happy...
Again-- I haven't spent much time with either of the products
but have "heard" from several large state clients about the
Radware box so don't take this post for much more than mere
conversation.
I met the head engineers from RadWare at a conference and they seemed
nice... I think all their stuff is from Israel??
Information Security Mag has a IPS Comparison in their Nov 2005 issue
Quick and Dirty Results =
Cisco Systems - Intrusion Pevention Sensor 4255 Series = B
ISS - Preventia Network Proteciton Appliance 6400 = B+
Radware - Defense Pro = C+
Sourcefire - 3D System Intrusion Sensor 3000 = B+
Top Layer Networks - Attack Mitigator IPS 5500 = A-
Of course, this is just the quick and dirty, there are pro and cons for
all. Kinda have to read the article to get all the reasons.
-Todd
--------------------------------------------------------------------------
----
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
--------------------------------------------------------------------------
-----
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
