Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



IDS: Re: IPS Reliability/Availability

Re: IPS Reliability/Availability

From: Martin Roesch <roesch_at_sourcefire.com>
Date: Mon, 20 Feb 2006 11:46:14 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

And as I said, it's not solely up to me to make happen but I'd like
to get some independent verification out there myself to give people
verification of our performance testing. People are rightfully
skeptical in this hype-driven industry, nothing proves a point like a
3rd party test and Sourcefire has always been successful at backing
up our claims.

      -Marty

On Feb 20, 2006, at 9:47 AM, Alan Shimel wrote:

> Marty with all due respect, I would like to see the 3rd party
> results with
> real world traffic to prove the bandwidth claims in full IPS mode
>
> alan
>
>
> StillSecure
> Alan Shimel
> Chief Strategy Officer
>
> O 303.381.3815
> C 516.857.7409
> F 303.381.3881
> email ashimel_at_stillsecure.com
> blog http://ashimmy.typepad.com
>
> www.stillsecure.com
> The information transmitted is intended only for the person
> to whom it is addressed and may contain confidential material.
> Review or other use of this information by persons other than
> the intended recipient is prohibited. If you've received
> this in error, please contact the sender and delete
> from any computer.
>
> -----Original Message-----
> From: Martin Roesch [mailto:roesch_at_sourcefire.com]
> Sent: Sunday, February 19, 2006 11:29 PM
> To: ashimel_at_stillsecure.com
> Cc: 'David Williams'; geek_brigades_at_yahoo.com; focus-
> ids_at_securityfocus.com;
> 'Rajat Bhargava'
> Subject: Re: IPS Reliability/Availability
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Feb 19, 2006, at 7:40 PM, Alan Shimel wrote:
>
>> Marty
>>
>> Correct me if I am wrong, but that is on the bivio box correct?
>
> Yes, we're OEM'ing the Bivio chassis.
>
>> Interestingly our tests on this platform were well below the
>> advertised
>> rates. Are you planning any 3rd party testing of it?
>
> I'm not sure what performance numbers you're referring to but I won't
> speculate. Much like Snort, you can't just take a stock build and
> put it on a system and expect it to achieve maximum performance, we
> have significant engineering resources available and a close
> relationship with the manufacturer to get our application performance
> where we want it to be. We've managed to achieve the maximum
> performance available with the chassis as it's configured today
> subject to max bandwidth available with the backplane architecture.
>
> There is an update that will be available RSN that will increase the
> throughput of the backplane as well as adding some other performance
> features to the chassis. For existing customers it'll be a firmware
> upgrade (back to the investment protection thing) and I think
> everyone who has one will like the results.
>
> As for 3rd party testing, we typically participate in those sorts of
> tests but its subject to the Sourcefire marketing team's bandwidth
> and our production schedule. We also have an extensive multi-gigabit
> testing environment in our labs and have tested the chassis
> extensively, from what I understand many of our customers and
> prospects consider our performance claims across our product lines to
> be rather conservative but you can take that with the appropriate
> amount of salt.
>
> -Marty
>
> - --
> Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
> Sourcefire - Security for the Real World - http://www.sourcefire.com
> Snort: Open Source Network IDS - http://www.snort.org
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (Darwin)
>
> iD8DBQFD+UWcqj0FAQQ3KOARAqURAJsE/1/fBmE/ZSvLWnydvvRigYtgNQCfU8Iq
> +lpXCbh2H0eTGliGLAa2PGA=
> =rrKo
> -----END PGP SIGNATURE-----
>

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFD+fJWqj0FAQQ3KOARAjkfAJ47LWaVOtRji6GqySDgDyEj1HpzOACbBlhK
GlSg1M3jpWlE8QJAJPHE8yI=
=FRKV
-----END PGP SIGNATURE-----

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
Received on Feb 21 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos