[snip]... I will be beginning evals of IntruVert soon, with NetScreen IDP to
follow. For functionality ("speeds and feeds") criteria, I am relying
heavily on OSEC, because the Neohapsis crew knows their stuff and nothing is
hidden .... [snip]
I like the NeoHapsis guys too, but the OSEC stuff is very like the ICSA
certification for firewalls, etc - you get your checklist and your
"PASS/FAIL" mark - "Just Another Certification Scheme"
Whilst the OSEC results are always interesting and should not be ignored,
anyone serious about deploying Gigabit IDS or Intrusion Prevention should
definitely be reading the latest NSS Group report
(www.nss.co.uk/gigabitids). The methodology looks every bit as thorough as
the OSEC stuff (they complement each other in several areas) but they also
go to the trouble of providing many pages per product of detailed subjective
technical evaluations - features and benefits, scalability, ease of use,
completeness of alert handling, reporting, forensics, etc, etc
OK, so you have to pay for the full report, but it's only $50 and if you
can't get the budget for that then you are definitely NOT interested in
deploying Gigabit IDS ;o)
We are looking at deploying such products at the moment across a large
organisation throughout Europe, and I personally would not be putting ANY
product forward to be considered until I had seen what the NSS guys had to
say about it.
I am hoping that both Netscreen and Sourcefire will be in the next edition
and I have to say that Dragon was off our list of IDS for ANY speed of
network some time ago due to its constant omission from these reports (you
don't have to pay for the 100Mbit IDS reports, they are all on-line for free
in full).
My 0.02
Rick
_________________________________________________________________
Add photos to your e-mail with MSN 8. Get 3 months FREE*.
http://join.msn.com/?page=features/featuredemail&xAPID=42&PS=47575&PI=7324&DI=7474&SU=
http://www.hotmail.msn.com/cgi-bin/getmsg&HL=1216hotmailtaglines_addphotos_3mf
Received on Dec 27 2002
Intro
