I am not quite sure I would agree with your statement regarding the NSS is probably the best and most neutral IPS testing body. The issue is what is the differentiating factors amongst IPS products, marketing, functionality, speed. The approach should be the same as aren't all products in the IPS space should understand how to detect a simple exploit, understand what to do with it, and log accordingly. Under various network conditions the ability to detect, block, log mileage may vary. (no traffic, x traffic over y number of mbps, mix and match of legit traffic with exploits). The value of the report is ok, but the true value is what IPS companies will do to meet the marketing literature that they present in front of customers. If the test results do not match the marketing literature, what does an IPS vendor do: 1. Send a note to the testing company not to include the test results in the public report 2. Invest more money in the IPS product to address the shortcomings of the product in order to meet marketing literature 3. Yell and scream and the product testing house, stating that the IPS vendor quality assurance team or software engineers was not able to reproduce the product testing house findings. 4. Inform the product testing house that their testing methodology is flawed, 5. Fire the marketing team 6. Re-shuffle executives 7. Get acquired
I do not view the findings as "well at least they beat Juniper", it should be what investment is TP willing to make to address the findings in the report and what other testing certification bodies are they working with to ensure the findings in the NSS report are valid.. :) cheers /mht On Wed, Dec 9, 2009 at 9:21 AM, <[email protected]> wrote: > This is what TP is referring to: > > http://www.networkworld.com/news/2009/120709-ips-tests.html?hpg1=bn > > I have seen the full report and it is fair to say that TP did very poor > compared to the competition. This is really no surprise for those of us > close to the industry who understand TP's heritage and approach. exploit > driven coverage with limited evasion capabilities wrapped around a pretty UI > is a recipe for security by obscurity. Well, at least they beat out Juniper > :) > > Oh and NSS is probably the best and most neutral IPS testing body out there > by far. This particular report is 100% independent and extremely > comprehensive (the best I've seen to date) and includes coverage, > performance, Evasion, and various TCO rankings. I *highly* recommend you > obtain the report if you are interested and have the money to do so... > > ----------------------------------------------------------------- > Securing Your Online Data Transfer with SSL. > A guide to understanding SSL certificates, how they operate and their > application. By making use of an SSL certificate on your web server, you can > securely collect sensitive information online, and increase business by > giving your customers confidence that their transactions are safe. > http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194 > > > ----------------------------------------------------------------- Securing Your Online Data Transfer with SSL. A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe. http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
