IDS mailing list archives

RE: Best IPS system?


From: "Kevin Reiter" <KReiter () insidefsi net>
Date: Mon, 12 May 2008 16:44:15 -0400

listbounce () securityfocus com wrote:
::: -----Original Message-----
::: From: listbounce () securityfocus com
::: [mailto:listbounce () securityfocus com] On Behalf Of Shelly Beasley
::: Sent: Wednesday, May 07, 2008 3:01 PM
::: To: focus-ids () securityfocus com
::: Subject: Best IPS system?
::: 
::: Hello mailing list,
::: 
::: I would like to buy the "best" system available to the IPS
::: network of my business. My company has only 200 users, all
::: share an Internet connection (10 m). We now use Sonicwall to
::: connect, but we are concerned about the hostile e-mails,
::: malware websites, and people in piracy. Who produces the best
::: job? Which is most capture hacker attempts? The product
::: should not interfere with operations on the network (all
::: connection is filled by the backup off-site at night).
: 
: On Thu, May 8, 2008 1:09 pm, Andrew Plato wrote:
:: That's a SUPER-loaded question. There is no easy answer. And I
:: guarantee you will get a wide array of answers and arguments.
:: Questions like yours evoke intense emotional responses from some
:: people. 
: 
: The man speaks the truth here :-)
: 
: <snip>
:: That said, this is what I would recommend (I am sure it will deeply
:: and profoundly offend some people, it always does):
:: 
:: For UTM:
:: Fortinet
:: WatchGuard
:: Juniper SSG
:: 
:: For stand alone IPS:
:: TippingPoint
:: Juniper
:: ISS
: <snip>
: 
: My two cents: ISS is atrocious. I can't stress that enough. I'm
: anxious to see if IBM's purchase helps or hinders their product line.
: 
: TippingPoint and Sourcefire have the best IPSs with the smartest team
: of engineers behind them. These folks actually have some passion for
: their product, just not a great marketing team with glossy brochures. Never
: had a problem with them. ISS products on the other hand, failed often,
: didn't perform well and had terrible customer service.
: 
: As Andrew said, get some demos. Everyone in this market is itching to
: get these things in your hands. Some will even stop by, hook it up and
: show you. Take advantage and choose wisely.

We just had a demo from Sourcefire (traditional IDS/IPS) and AirTight (wireless IPS), and just bought the equipment 
when the demo was over.  We had a 5-month demo with Sourcefire that was originally scheduled for 30 days, but we wanted 
to thoroughly test the system, and their take on it was, basically, "..test it as long as you want to..."

Support from both vendors is top-notch, both during and after the demo.  Weekly WebEx meetings to make sure all our 
questions were answered, access to 24x7 support during the demo, and even onsite engineers to help us get everything 
set up specifically for our environment AT NO CHARGE.

Again, this is just my experience with these 2 companies - you might hear different from others.

-Kevin
