IDS mailing list archives
AW: IPS - Cisco vs. McAfee vs. Tippingpoint
From: "Daniel, Akos" <a.daniel () iq-optimize de>
Date: Tue, 11 Aug 2009 10:43:50 +0200
Hi,

That makes our life hard: for one question we have got ~12 solutions from different manufacturers. As I see it, it is not easy to choose 'the best solution'; there are too many good ideas from different manufacturers on the market, and the key benefits of a product differ for each unique customer/user.

I tried to collect all the products mentioned in this topic. Sorry if not all correct, and hopefully it will not be identified as spam :-)

Top Layer IPS
http://www.toplayer.com/content/products/intrusion_detection/attack_mitigator.jsp

Arbor Networks Peakflow CP and TM systems
http://www.arbornetworks.com/en/arbor-peakflow-ip-flow-based-technology.html
http://www.arbornetworks.com/peakflowsp

Cisco IPS 4200 Series Sensor
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/index.html

Cisco Anomaly Detection and Mitigation Appliances
http://www.cisco.com/en/US/products/ps5879/Products_Sub_Category_Home.html

McAfee Network Security
http://www.mcafee.com/us/enterprise/products/network_security/network_security_platform.html

Fortinet
http://www.fortinet.com/products/fortiweb/
http://www.fortinet.com/products/fortigate/

Sourcefire
http://www.sourcefire.com

Snort
http://www.snort.org/

WebDefend
http://www.breach.com/products/webdefend.html

F5 BIG-IP
http://www.f5.com/products/big-ip/

BIG-IP Application Security Manager Module
http://www.f5.com/products/big-ip/product-modules/application-security-manager.html

Mazu (Riverbed acquired Mazu)
http://www.riverbed.com/products/cascade/

Riorey
http://www.riorey.com/

IBM ISS Proventia IPS
http://www-935.ibm.com/services/us/index.wss/offerfamily/iss/a1030570

Radware's DefensePro
http://www.radware.com/Products/ApplicationNetworkSecurity/DefensePro.aspx

Cheers,
Akos

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of C-Info
Sent: Thursday, 30 July 2009 22:01
To: 'Hurgel Bumpf'; focus-ids () securityfocus com
Subject: RE: IPS - Cisco vs. McAfee vs. Tippingpoint

A few years ago I worked on a project with a large ISP regarding DDoS mitigation. What we found was that it was nearly impossible to mitigate a serious DDoS attack from the customer end. Usually the pipe to the customer from the ISP was totally full of attack traffic, so trying to stop this at the customer site was simply not possible.

You really need to work with the ISP and ensure that they have some mechanism (we used Peakflow SP and another product) to help stop the flow of traffic upstream of your connection to the internet.

Although these features are nice on customer premise devices, they only work on smaller attacks that do not flood the customer's internet connection.

Curt

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Hurgel Bumpf
Sent: Thursday, July 30, 2009 3:44 AM
To: focus-ids () securityfocus com; Gary Halleen
Subject: Re: IPS - Cisco vs. McAfee vs. Tippingpoint

Hi Gary,

thank you for your valuable input. Indeed, my main focus is on protecting our systems from (D)DoS attacks. I start to like the Peakflow product more and more. Thank you all for pointing that out!

Andre

--- Gary Halleen <ghalleen () cisco com> wrote on Wed, 29.7.2009:
From: Gary Halleen <ghalleen () cisco com>
Subject: Re: IPS - Cisco vs. McAfee vs. Tippingpoint
To: "Hurgel Bumpf" <l0rd_lunatic () yahoo com>, focus-ids () securityfocus com
Date: Wednesday, 29 July 2009, 15:07

Hurgel,

While I think you'll be happy with the features and performance of Cisco's IPS (especially if you are using 7.0 software, which comes with Reputation Filtering and Global Correlation capabilities), you should keep in mind that an IPS is not always the best solution for DDoS protection.

Depending on the type and severity of the DDoS attack, the IPS may provide what you are looking for, especially if you configure it to block or rate-limit on an upstream device, like a router, switch, or firewall.

You may also want to take a look at Arbor's Peakflow products, as well as Cisco's Guard/Detector products. Both of these are designed with DDoS protection as primary features. They also are typically deployed both at the customer's site, as well as upstream, so that DDoS traffic is never eating up your bandwidth to the Internet once an attack is detected.

Gary

On 7/29/09 5:25 AM, "Hurgel Bumpf" <l0rd_lunatic () yahoo com> wrote:

Hi List,

I need to protect a "realtime" website with an inline IPS from (D)DoS attacks.

I had some bad experience with a Tippingpoint UnityOne 2400 field test. The device dropped too many sessions until all connectivity was lost. After that, no investigation was possible, as TP logs all attack information with IP address 0.0.0.0. (The vendor excused this with the layered technology, and passing the IP address from the hardware to the logger would lead to delayed packages.) This is unacceptable.

I'm now looking forward to testing a Cisco IPS 4270-20 and a McAfee Network Security 4050 appliance.

Who has good/bad experience with those devices? Is it true that all devices don't log IP addresses?

My dream appliance would be able to run in something like a 7-day learning mode which counts max new sessions per second, max sessions per client, and so on. After these 7 days it creates a filter with +x% of the learned values and sets these limits active.

A big problem is that I have to install it into the productive system to get the real values. I don't have any fixed values regarding the new sessions per second, and I can't just guess and set values and render the system offline.

All information is highly appreciated!

Thank you very much for your time,

Andre

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194
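The learning-mode idea in the original question (record the peak new sessions per second and per client, then enforce those peaks plus x%) can be sketched as follows. This is an added example, not code from any poster or vendor in the thread; the function names, the 60-second per-client window and the sample sessions are assumptions constructed for illustration.

```python
from collections import Counter

CLIENT_WINDOW = 60  # seconds per per-client bucket (assumed; the post names no window)

def _peaks(sessions):
    """Count new sessions per second and per client per window."""
    per_sec, per_client = Counter(), Counter()
    for ts, client in sessions:
        per_sec[int(ts)] += 1
        per_client[(client, int(ts) // CLIENT_WINDOW)] += 1
    return per_sec, per_client

def learn_limits(sessions, headroom_pct):
    """Limits = observed peak plus headroom_pct percent, rounded up."""
    per_sec, per_client = _peaks(sessions)
    if not per_sec:
        raise ValueError("learning window contained no sessions")
    def pad(peak):
        return (peak * (100 + headroom_pct) + 99) // 100  # integer ceiling
    return {"per_second": pad(max(per_sec.values())),
            "per_client": pad(max(per_client.values()))}

def would_block(sessions, limits):
    """Alert-only pass: list what the limits would have dropped, without dropping."""
    per_sec, per_client = _peaks(sessions)
    hits = [("per_second", sec, n) for sec, n in per_sec.items()
            if n > limits["per_second"]]
    hits += [("per_client", client, n) for (client, _), n in per_client.items()
             if n > limits["per_client"]]
    return sorted(hits)

# Constructed sample data: one (epoch_second, client_ip) tuple per new session.
LEARNING = ([(100, "192.0.2.10")] * 3 + [(100, "192.0.2.11")] * 2 +
            [(101, "192.0.2.10"), (101, "192.0.2.12")])
LIVE = [(200, "203.0.113.9")] * 7 + [(201, "192.0.2.10")] * 2

if __name__ == "__main__":
    limits = learn_limits(LEARNING, headroom_pct=20)
    print(limits)
    for hit in would_block(LIVE, limits):
        print(hit)
```

Running `would_block` over fresh production traffic before enforcing anything addresses the concern about guessed values taking the site offline. If the learning window itself contains an attack, that attack's peak becomes the baseline, so the learned values need review before they are made active.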
Current thread:
- AW: IPS - Cisco vs. McAfee vs. Tippingpoint Daniel, Akos (Aug 11)
- Re: AW: IPS - Cisco vs. McAfee vs. Tippingpoint Seth Hall (Aug 13)