IDS: Re: IPS - Cisco vs. McAfee vs. Tippingpoint

[Joel Snyder <Joel.Snyder () Opus1 COM>]

> Hi List,
>
> i need to protect a "realtime" website with an inline IPS from (D)DOS attacks.
You should not be looking at Cisco, McAfee, or Tippingpoint (or, as some 
have suggested, Sourcefire or Fortinet).  None of them specializes in 
DoS attacks, and all will give you fairly poor results if that's your 
main concern.  This is not to say that these aren't great products when 
used as designed; it's just to point out that none of them are designed 
to be very good at DoS protections.  I'm sure that the sales droids are 
happy to tell you that they're good DoS boxes but, as you found out, 
they aren't.
You want to look at products that focus on DoS (and other rate-based 
attacks), probably starting with TopLayer and Arbor (someone else 
already suggested that), but also Mazu (now part of Riverbed).  There 
are also some smaller companies that have had success in this space. 
For example, one of our customers bought a DoS mitigation box from 
Riorey (http://www.riorey.com/) and they think it's the bees knees.
jms

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One       Phone: +1 520 324 0494
jms () Opus1 COM                http://www.opus1.com/jms

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate 
on your web server, you can securely collect sensitive information online, and increase business by giving your 
customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194