Another question for everyone,
When you brought in each vendor for evaluation, did you configure a test 
network for them or did you use your production network?  My 1st concern is  
keeping my job :o)  If I test in production, I could impact production traffic. 
 If I don't test in production, how can I best ensure that I won't have 
problems with custom applications, older IP stacks which could be an issue if 
RFC compliance checks are done, etc.  
The vendor answer is always, "don't turn on blocking and just monitor."  Is 
that a reality?   I'd like some testimonials to this and some real life 
instances of what has been done from unbiased sources.

Thanks,

VT


> All,
> 
> I work on a team that manages signature and behavioral based intrusion
> detection systems today.  We have been tasked with reviewing IPS (or
> whatever vendor name acronym you prefer) in '06.  Our normal process is to
> put together a base requirements document to weed out vendors in the first
> round through a paper exercise and then bring in the best we can identify.
> My question is, has anyone developed a matrix that identifies key
> qualifiers in an IPS solution (e.g. in-line, fails open/closed, reporting
> features, etc.).  If so, could you provide links or the documents?
> 
> If not, what categories are most significant to consider in your expert 
> opinions?  What reasons did you choose the solution you have?  What would you 
> consider if you had to choose over again, etc?
> 
> Thanks in advance for your responses.
> 
> VT
> 
> ------------------------------------------------------------------------
> Test Your IDS
> 
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it 
> with real-world attacks from CORE IMPACT.
> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
> to learn more.
> ------------------------------------------------------------------------
> 
