ISS Proventia is not a purely signature-based engine. It's a hybrid. Protocol analysis & signatures. It does have DoS and DDoS detection capabilities, although it does not have a comprhensive flow-monitoring engine like TippingPoint or Intruvert. Also, my experience has been that ISS is very good with new worms and attacks. Since ISS's X-force discovers most of the root-level vulnerabilities, they usually have protection updates on their boxes before the exploit hits the wild.
The G100 is a very strong IPS and very flexible. But, it has a steep learning curve. DISCLIAMER: I am a reseller of ISS gear. ___________________________________ Andrew Plato, CISSP President/Principal Consultant ANITIAN ENTERPRISE SECURITY 3800 SW Cedar Hills Blvd, Suite 280 Beaverton, OR 97005 503-644-5656 Office 503-214-8069 Fax 503-201-0821 Mobile www.anitian.com ___________________________________ GPG fingerprint: 16E6 C5B0 B6CB F287 776E E9A9 AF47 9914 3582 633D GPG public key available at: http://www.anitian.com/corp/keys.htm -----Original Message----- From: Avi C [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 02, 2005 1:15 AM To: Joel Esler; Leigh Anderson Cc: [email protected] Subject: Re: ISS Proventia G100's Good signature-based engine with comprehensive attack signature DB but with very limited behavioral analysis (statistical analysis) capabilities. This means that known exploits will be mitigated thoroughly (good methods against evasion techniques) but behavioral-based attacks such as DoS & DDoS flood attack and new/unknown worms will not be detected efficiently. Avi. ----- Original Message ----- From: "Joel Esler" <[EMAIL PROTECTED]> To: "Leigh Anderson" <[EMAIL PROTECTED]> Cc: <[email protected]> Sent: Friday, July 22, 2005 10:02 PM Subject: Re: ISS Proventia G100's > http://www.scmagazine.com/products/index.cfm? > fuseaction=GroupTestDetails&GroupId=19076 > > > On Jul 21, 2005, at 9:53 PM, Leigh Anderson wrote: > > > Hi, > > > > We are looking at the ISS Proventia G100 Boxes as an option for one > > of our clients, I am keen to hear any good/bad reports about them, > > effectiveness, and any other comments you might have. > > > > Thanks in advance, > > > > Leigh Anderson > > > > > > - Leigh Anderson - [ Internode - Agile Communications ] - > > - Ph 08 8228 2999 - [Level 2 / Corporate Support & Provisioning] - > > - Mb 0400 292 494 - [ [EMAIL PROTECTED] ] - > > > > > > ---------------------------------------------------------------------- > > -- > > Test Your IDS > > > > Is your IDS deployed correctly? > > Find out quickly and easily by testing it with real-world attacks > > from CORE IMPACT. > > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus- > > ids_040708 to learn more. > > ---------------------------------------------------------------------- > > -- > > > > > > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 > to learn more. > ------------------------------------------------------------------------ > ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
