VT,

My suggestion would be a compromise: test products on a dev network and whittle down the contenders; you will find showstoppers for certain products.

Andy Cuff
Chief Technology Officer
Computer Network Defence Ltd
http://www.securitywizardry.com
07010 709014

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: 29 October 2005 20:40
> To: [email protected]
> Subject: Re: Intrusion Prevention requirements document
>
> Another question for everyone,
> When you brought in each vendor for evaluation, did you configure a test
> network for them or did you use your production network? My 1st concern
> is keeping my job :o) If I test in production, I could impact production
> traffic. If I don't test in production, how can I best ensure that I
> won't have problems with custom applications, older IP stacks which could
> be an issue if RFC compliance checks are done, etc.
> The vendor answer is always, "don't turn on blocking and just monitor."
> Is that a reality? I'd like some testimonials to this and some real life
> instances of what has been done from unbiased sources.
>
> Thanks,
>
> VT
>
> > All,
> >
> > I work on a team that manages signature and behavioral based intrusion
> > detection systems today. We have been tasked with reviewing IPS (or
> > whatever vendor name acronym you prefer) in '06. Our normal process is
> > to put together a base requirements document to weed out vendors in the
> > first round through a paper exercise and then bring in the best we can
> > identify. My question is, has anyone developed a matrix that identifies
> > key qualifiers in an IPS solution (e.g. in-line, fails open/closed,
> > reporting features, etc.). If so, could you provide links or the
> > documents?
> >
> > If not, what categories are most significant to consider in your expert
> > opinions? What reasons did you choose the solution you have? What would
> > you consider if you had to choose over again, etc?
> >
> > Thanks in advance for your responses.
> >
> > VT
