IPS recommendations / experiences

I know someone whose best friend's sister's daughter's roommate's next-door neighbor's dog's owner's third cousin works at a company who is thinking about updating their aging / EOLed network IPS solution. I'm not going to name the vendor, and to keep things vague I won't even provide specifics of the environment that they will be placed in. They will probably have one person watching the IPS appliances and logs part-time ... if that.

So anyway, if you can share some generalizations regarding IPS solutions by Check Point, Juniper, Cisco (ASA modules), Sourcefire, TippingPoint, IBM / ISS, Top Layer, McAfee, Palo Alto, Fortinet, etc., and both positives and negatives from your experiences, I'd greatly appreciate it.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

Ahriakin

TippingPoint gets my vote (if a pure IPS is the goal, for a UTM/Anything identity based try Palo Alto).

it_consultant

Word of warning, Palo Altos are not usually financially feasible. They are great security appliances, but please...

Zartanasaurus

Funny, we're going through that exact process right now. I don't talk to any third cousins, so I don't think the OP is about me though.

Wish I had access to these reports. Apparently the McAfee IPS is really good, but I've never seen a full report. We've demoed the appliance and it seems fine. Not much else to compare it to other than the ASA module. Gonna be looking at a TippingPoint soon.

docrice

My understanding is that Sourcefire won out on the last NSS Labs report. However, the devil is in the details. Just because something is top-rated doesn't necessarily mean it's appropriate to a given environment.

Choosing an IPS brand isn't like choosing a firewall as much, given the prices of some of these appliances (especially when you're looking at higher inspected throughputs).

Ahriakin

I know there was an issue with at least one round of NSS tests last year where they used an out-of-the-box config for TippingPoint (didn't update the DVs or TOS). Undermines their results a little. And while I understand lab tests have to keep to as close to a universal standard as possible comparing vanilla configs does little to show you what they are capable of (since every IPS installation/tuning is going to be different). Personally I want to see what I can do with it, not what it will do within 5 minutes of plugging it in.

ipSpace

Well i do not have a lot experience with IPS except for Fortigate.
Fortigate is not that pricey, and you have a firewall that can do a lot of things, and it is really easy to handle.

nicklauscombs

Zartanasaurus wrote: »

Apparently the McAfee IPS is really good, but I've never seen a full report.

only just jumping in but so far i've been impressed with the mcafee offering.

Zartanasaurus

Doing a WebEx thing with HP right now. TippingPoint looks sexy.