Wayne, I am really interested in your testing methodology then as when I performed similar analysis (though there was smaller IDP but it should not make sense as allof them run the same OS image, but what could is the ISS Network Sensor - a software version of the Proventia appliance) I would not give Netscreen a big preference. Though personally I would not vote for ISS as I do not like their Java-based SiteProtector but the "audit signatures" they are providing can be quite handy for some organizations whose goal is to monitor suspicious user activities. Signature coverage turned out to quite the same with a couple of extra points going to ISS for better representation of alerts in the SiteProtector.
And Mike, if I understood correctly you are looking for a solution that would not only provide high performance but also be highly tunable with regard to "anomaly detection" whichever it means... and you are not decided yet. If so I would recommend you looking at StoneGate IPS (www.stonesoft.com) their solution which includes a component called Analyzer allows creating customized "attack patterns" and thus control the triggering of IDS alarms only if certain sequence of events or a group of such events (i.e. packets or group of packets) have been seen. They also provide a good technical support. Best regards, Dmitriy Ushakov. Technical expert Information Security Department "TechnoServ A/S" Company "Reynolds, Wayne" <[EMAIL PROTECTED]> написано 15.05.2006 20:01:19: > Mike, > > We have already compared these two solutions in depth and ended up > choosing Juniper. > > We already use NetScreens as our firewall solution and Juniper will be > offering an IDP module for the NetScreens very shortly which will > incorporate the IDP management within their pre-existing NSM console > package. > > Personally, I found ISS' management console much more intuitive, but I > felt that their tech support was severely lacking. Their support team > just never seemed interested in giving us any help. > > -Wayne > > ________________________________________ > Wayne D Reynolds > Network Engineering and Security > Conde Nast Publications > mailto:[EMAIL PROTECTED] > > > > -----Original Message----- > From: Mike Youngs [mailto:[EMAIL PROTECTED] > Sent: Friday, May 12, 2006 8:06 AM > To: [EMAIL PROTECTED] > Subject: Juniper and ISS Protocol Anomaly Detection Evaluation > > Hello Everyone, > > I am doing a network based intrusion detection and prevention system > evaluation, and have come across something I would like this groups > collective experience to give an opinion on. > > For various reasons, we have settled on making a selection between the > Juniper IDP 600C and the ISS Proventia GX5008. During our evaluation, > we > have found that Juniper and ISS offer their protocol anomaly detection > means > in much different ways. What I would like to hear from this group is > your > experience and insight with either product's protocol anomaly detection. > If > someone has insight and/or experience with both products, that will be > that > much better. I hope to find out if each vendor's protocol anomaly > detection > features are essentially the same thing, or if one is superior over the > other > and why, so I can make a more informed decision on this feature. > > Another way to say it is, does "protocol anomaly detection" mean the > same > thing to both vendors? It appears that "attack pattern" means something > different to each vendor. One considers in the actual string or pattern > to > look for in a packet, and the other considers is it multiple events when > viewed as a whole could mean an attack on a system. > > Any insight would be appreciated! Thanks in advance, > > Mike Youngs > Network Manager > Great Lakes Energy > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 > > to learn more. > ------------------------------------------------------------------------ > > > > > ------------------------------------------------------------------------ > Test Your IDS > > Is your IDS deployed correctly? > Find out quickly and easily by testing it > with real-world attacks from CORE IMPACT. > Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 > to learn more. > ------------------------------------------------------------------------
