We are testing MULTI-Gigabit IPS products right now, to include Sourcefire as well as all the usual suspects :o)
Results to be published later this year Bob Walder The NSS Group On 13/2/06 16:24, "David Williams" <[EMAIL PROTECTED]> wrote: > Actually, I'm seeing other vendors, SourceFire being one of the ones > in the eval list below, who have not gone the ASIC route, but have > gone with a kind of RISC architecture to get speed. Their pitch is > that they get the performance of the ASIC vendors by using multiple > RISC chips (I think the base model that does a gig inline has 6 RISC > processors) to handle the load (plus an extra processor to handle the > management end of things... so 7 all together). They are claiming > performance of an ASIC but the flexibility of software. Not sure how > valid that claim is. > > Question 1 : I'm wondering if anybody has tested these or stacked > them up next to the ASIC brands to test perfomance, and if so, can > they provide some feedback. > > Question 2: Does anybody have a list of which vendors are using ASICs > for performance and which are using this RISC type architecture for > performance? > > Question 3: Not so much a question, but a general request; I'd be > interested in a "pro vs con" for each if anybody gets their hands on > them. > > -d > > On 2/6/06, Andrew Plato <[EMAIL PROTECTED]> wrote: >> Most of these devices are pretty good for reliability. The only >> exception I would make is SourceFire, which back when we sold it had >> abysmal reliability (3 out of 4 boxes we sold to a customer show up dead >> or died soon after installation). >> >> TippingPoint sells a zero-power bypass add-on for their IPS. If the IPS >> fails in anyway, traffic is passed through the zero-power device. Its >> very easy to add. Juniper does something similar. >> >> ----------------------------------------------- >> Andrew Plato, CISSP, CISM >> President/Principal Consultant >> Anitian Enterprise Security >> >> ----------------------------------------------- >> >> >> >> >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >> Sent: Thursday, February 02, 2006 8:27 AM >> To: [email protected] >> Subject: IPS Reliability/Availability >> >> I am working on a big IPS project and I am very concerned about >> installing an inline device in a core enterprise network, where these >> devices have the potential to create big time network outages. >> >> Can you, please, share your possible bad experiences about the >> reliability of the following inline IPS products: >> >> ISS >> TippingPoint >> Juniper IPS >> Sourcefire >> McAfee IntruShield >> >> Have you had any issues with the availability of these devices, such as >> fail close crashes or do you have any experience with bypass switches >> that would mitigate the availability issue? >> >> Thanks, >> Mike >> >> ------------------------------------------------------------------------ >> Test Your IDS >> >> Is your IDS deployed correctly? >> Find out quickly and easily by testing it with real-world attacks from >> CORE IMPACT. >> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 >> to learn more. >> ------------------------------------------------------------------------ >> _________________________________________________ >> NOTICE: >> This email may contain confidential information, >> and is for the sole use of the intended recipient. >> If you are not the intended recipient, please reply >> to the message and inform the sender of the error >> and delete the email and any attachments from >> your computer. >> _________________________________________________ >> >> ------------------------------------------------------------------------ >> Test Your IDS >> >> Is your IDS deployed correctly? >> Find out quickly and easily by testing it >> with real-world attacks from CORE IMPACT. >> Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 >> to learn more. >> ------------------------------------------------------------------------ >> >> > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 > to learn more. > ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
