IDS mailing list archives
Evaluating various NIPS
From: H B <modestproposal81 () gmail com>
Date: Tue, 14 Jun 2005 15:22:03 -0400
Hello all, I'm an ungergrad computer sci major working with my school's IT department for the summer. I'm involved in a project looking in to various NIPS to replace our current homegrown system which has become too cumbersome to maintain on a small staff (we're not a huge school), and I have a few questions to ask. - We are really interested in a system that requires as little manpower as humanly possible to maintain effectively (i.e. automatic updates, good service and support) and one that has a fairly powerful managing system in terms of forensic analysis. What should I look for (and perhaps avoid) to reduce false positives and other such things that could waste valuable time? - In a related question: Should I lean away from products that rely heavily on various types of anomaly detection and head towards systems that rely more on signature detection and other methods? - At risk of igniting the ASIC debate again, we need to maintain Gb speed on the network segment that this is to be deployed on. Again, what experiences have people had, specifically in dealing with NAI, Tipping Point, Juniper, Cisco, Fortinet, and SourceFire products. - Are there any resources online other than NSS that can give me some independent review and analysis on these products? Thanks, Hans Bruesch-Olsen -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Evaluating various NIPS H B (Jun 14)