IDS mailing list archives
Re: Proventia G400
From: FinAckSyn <finacksyn () yahoo co uk>
Date: Thu, 27 Oct 2005 09:08:55 +0100 (BST)
Hi Valter, We are currently evaluating IPS vendors in order to make an informed choice about which is going to be best for our customers (we are a security consultancy/reseller). Unfortunately, ISS Proventia was one of the first to drop off the list. It's one of those that fell into our category of inline-IDS. Heavily signature reliant, PC-based, doesn't run standalone (needs external management), plus the requirement of an external unit to enable resiliency in case of Proventia hw/sw failure made the overall solution quite bulky. Even more so for a single-box deployment. Throughput of 400Mpbs seemed reasonable, but if you're going to include Gb ports on a device, in our opinion, that device should be able to handle a full Gb. It didn't handle 400Mbps of small packets very well, either, so you would need a separate DDOS device (ISS don't supply these) if true enterprise perimeter or hosting protection is required. SiteProtector software is excellent - one of the best. But you need to see through this and work out whether or not the device offers the protection you need, rather than choose a product based on appearance. The reports are also pretty nifty too. If we had to choose a product based on policy management and reporting, ISS would come pretty close to the top of the list. Digging deeper, we also looked for independent test results. We referred to www.nss.co.uk, whom offer the most thorough tests on the market. No sign of ISS, except in the old IPS Edition 1 test (non-current). We did hear on the grapevine that ISS (and Check Point, for that matter), both submitted their products for Edition 2 and 3 testing, but nothing came out of the other end. We can only assume that they declined to have their results published. Our thoughts? It's not really a true IPS. Next. Regards, Matt --- Valter Santos <vsantola () sectoid com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there, anyone out there is using ISS Proventia G400 series, and is willing to share some thoughts ? thanx /valter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFDXLlgR7pJvOKksgYRApuSAJ0XEwPrGGTmj73XPsUzA8/Yjv3PkACg0SJG
gpFJyahq23YI88HmK/29xFQ= =tb4B -----END PGP SIGNATURE-----
------------------------------------------------------------------------
Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to
http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
___________________________________________________________ To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
Current thread:
- Proventia G400 Valter Santos (Oct 26)
- Re: Proventia G400 FinAckSyn (Oct 27)
- Re: Proventia G400 Planz (Oct 28)
- <Possible follow-ups>
- RE: Proventia G400 Palmer, Paul (ISSAtlanta) (Oct 28)
- Re: Proventia G400 FinAckSyn (Oct 27)