Evaluating various NIPS

[H B <modestproposal81 () gmail com>]

Hello all,
I'm an ungergrad computer sci major working with my school's IT
department for the summer. I'm involved in a project looking in to
various NIPS to replace our current homegrown system which has become
too cumbersome to maintain on a small staff (we're not a huge school),
and I have a few questions to ask.

 - We are really interested in a system that requires as little
manpower as humanly possible to maintain effectively (i.e. automatic
updates, good service and support) and one that has a fairly powerful
managing system in terms of forensic analysis. What should I look for
(and perhaps avoid) to reduce false positives and other such things
that could waste valuable time?

 - In a related question: Should I lean away from products that rely
heavily on various types of anomaly detection and head towards systems
that rely more on signature detection and other methods?

 - At risk of igniting the ASIC debate again, we need to maintain Gb
speed on the network segment that this is to be deployed on. Again,
what experiences have people had, specifically in dealing with NAI,
Tipping Point, Juniper, Cisco, Fortinet, and SourceFire products.

 - Are there any resources online other than NSS that can give me some
independent review and analysis on these products?

Thanks,
Hans Bruesch-Olsen

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------