[unisog] IPS

Anthony Scaturro scaturro at Princeton.EDU
Mon Feb 7 20:55:57 GMT 2005


Hi Wes,
At Princeton, we deployed a couple McAfee's IntruShield devices last 
June.  We selected IntruShield in March of 2004 after looking at IPS 
products for about a year.  We had looked at six products during that 
time frame:  NetScreen (Juniper), Tipping Point, Fortinet, Symantec, 
Inkra Networks and IntruShield.  We tested for effectiveness against 
attack, usability, speed, administrative features, network 
implementation flexibility.  Each of the products had their strengths:  
NetScreen we felt had the most usable user interface, Tipping Point was 
the best we had seen in handling high throughput situations.  We didn't 
feel that Fortinet, Inkra and Symantec were competitive in the IPS space 
with Netscreen, Tipping Point and IntruShield in our estimation AT THAT 
TIME.  I believe that Fortinet has made some significant improvements in 
the IPS area.  The others I haven't followed since then.  We went with 
IntruShield because it proved to be the most effective at detecting 
attacks and consistently ranked high (#1 or #2) in our study in all 
categories.  In our experience, the product has functioned as well as we 
had expected.

Now, the caveat - Since most of the vendors have improved their products 
significantly over the last year, anyone looking at the market today may 
come up with different results.
Regards,
Anthony Scaturro
University IT Security Officer
Princeton University

Wes Young wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi all,
>     We're looking to venture into the IPS/IDP market.... I've been 
> looking
> at Juniper and ISS and was wondering if anyone here has gone into this
> market (at the internet boarder level), what they used, their
> experiences and why.... Any information is greatly appreciated!!!
>
> Thanks!
>
> - --
> Wes Young
> Network Security Analyst
> University at Buffalo
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.6 (GNU/Linux)
>
> iD8DBQFCB8Zr1M5o0FsrrbERAsCFAJ0bQXvKLFY+ISkqrJw0qUC3fRquwACbBGt2
> u8smAsh3NNqKnomL42/I+Vk=
> =WmHZ
> -----END PGP SIGNATURE-----
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog
>



More information about the unisog mailing list