> -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Friday, March 10, 2006 2:42 AM > To: [email protected] > Subject: Re: RE: IPS Reliability/Availability > > > The primary "con" is that it's a fairly new approach, and therefore it's > > difficult to get people on the bandwagon. > > - it's hard to convince people that this solution is actually as > > fast (or faster) than an ASIC solution for the same price. ASICs have > > been around a long time, and people have a kind of warm fuzzy from that > > older technology. > > I'm wondering why CPU cluster technology that you are deploying is > considered new in comparison to ASIC/FPGA/NP technology.
Primarily because it is newer than those technologies. Can you offer any examples in which this approach was applied to bundled network security point solutions prior to the advent of ASICs? But to your point... you're right that the concepts are similar in that, at some point, you ultimately reduce the problem to processors processing data. However, the RISC based solution removes "forklift upgrade" from the user's vocabulary. > Obviously, "software + CPU cluster" technology has some attractive > properties. > However, it also has several nasty properties, especially in the IDS > space. In addition, the problems get nastier with adding more CPUs to the > cluster, so there are a limit how many CPUs you can put in a cluster. > For starters, if your load balancing scheme is based on TCP/UDP port > numbers, > you'll have a hard time detecting even simple port scan. > > - Jack This might be partially true if the load balancing assumption were correct, but at least in the one implementation (NFR) with which I am familiar, it is not. Can you enumerate some of the inherent "nasty properties" to which you allude? -MAB ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
