[unisog] Intrusion Prevention System (IPS) @ University

Zamri Besar zam4ever at gmail.com
Thu Aug 19 18:18:36 GMT 2010


On Mon, Aug 16, 2010 at 8:33 PM, Joel Esler <joel.esler at me.com> wrote:

> I usually try and not do this on this list, but seeing as I am a vendor
> (Sourcefire) let me add my two cents.
>
> The amount of users really shouldn't matter when it comes to IPS.  At all.
>  In fact, none of your below criteria are big selection points.  We, as IPS
> vendors, can all do all three of those depending on how big of a box you
> want to buy.
>
> The difference is features.
>
> Can you read the rules?
> Can you write your own?
> What kind of documentation is provided for the rules?
> How often are they updated?
> How advanced (or granular) is the interface?
>
> 200 Mbps is a very easily achievable number.  It's only when you get up in
> the >10 Gig space where the air gets really thin in the IPS vendor space.
>
> Joel
>
>
> On Sun, Aug 15, 2010 at 05:11:31PM -0400, Vijay Sarvepalli wrote:
> > Tippingpoint is good for performance at the scale where you are talking
> > about.  The SMS management is also reasonably easy.  However, you lose
> > granular control with Tippingpoint and reporting interface is poorly
> > designed.
> >
> > I am not as familiar with Cisco IPS, but from early testing..
> > I remember Cisco IPS to be not great for performance.  The management
> > also is not very friendly.
> >
> > Note IPS does not remove your need for other monitoring.  TippingPoint
> > type products provide good 1st level filtering which block lots of generic
> > threats and scripted "probing" or reconnaissance to your environment.   That
> > is all they can do.  But they do make a good business case for "automated
> > filtering" of level 1 and level 2 threats.
> >
> > Vijay
>


Dear all,

Thank you very much for all the advice and comments.

I've requested a PoC from Cisco, Juniper and Tipping Point to send their boxes,
and our team will test them.

Thank you. :)