IPS recommendations / experiences
I know someone whose best friend's sister's daughter's roommate's next-door neighbor's dog's owner's third cousin works at a company who is thinking about updating their aging / EOLed network IPS solution. I'm not going to name the vendor, and to keep things vague I won't even provide specifics of the environment that they will be placed in. They will probably have one person watching the IPS appliances and logs part-time ... if that.
So anyway, if you can share some generalizations regarding IPS solutions by Check Point, Juniper, Cisco (ASA modules), Sourcefire, TippingPoint, IBM / ISS, Top Layer, McAfee, Palo Alto, Fortinet, etc., and both positives and negatives from your experiences, I'd greatly appreciate it.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
Comments
-
Ahriakin Member Posts: 1,799 ■■■■■■■■□□
TippingPoint gets my vote (if a pure IPS is the goal, for a UTM/Anything identity based try Palo Alto).
We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
-
it_consultant Member Posts: 1,903
Word of warning, Palo Altos are not usually financially feasible. They are great security appliances, but please...
-
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□
Funny, we're going through that exact process right now. I don't talk to any third cousins, so I don't think the OP is about me though.
Wish I had access to these reports. Apparently the McAfee IPS is really good, but I've never seen a full report. We've demoed the appliance and it seems fine. Not much else to compare it to other than the ASA module. Gonna be looking at a TippingPoint soon.
Currently reading:
IPSec VPN Design 44%
Mastering VMWare vSphere 5 42.8%
-
docrice Member Posts: 1,706 ■■■■■■■■■■
My understanding is that Sourcefire won out on the last NSS Labs report. However, the devil is in the details. Just because something is top-rated doesn't necessarily mean it's appropriate to a given environment.
Choosing an IPS brand isn't like choosing a firewall as much, given the prices of some of these appliances (especially when you're looking at higher inspected throughputs).
-
Ahriakin Member Posts: 1,799 ■■■■■■■■□□
I know there was an issue with at least one round of NSS tests last year where they used an out-of-the-box config for TippingPoint (didn't update the DVs or TOS). Undermines their results a little. And while I understand lab tests have to keep to as close to a universal standard as possible comparing vanilla configs does little to show you what they are capable of (since every IPS installation/tuning is going to be different). Personally I want to see what I can do with it, not what it will do within 5 minutes of plugging it in.
-
ipSpace Member Posts: 147
Well, I do not have a lot of experience with IPS except for Fortigate.
Fortigate is not that pricey, and you have a firewall that can do a lot of things, and it is really easy to handle.
My Network & Security Blog with a focus on Fortigate. New post on how to create a fortigate ssl vpn.
-
nicklauscombs Member Posts: 885
Zartanasaurus wrote: » Apparently the McAfee IPS is really good, but I've never seen a full report.
WIP: IPS exam
-
Zartanasaurus Member Posts: 2,008 ■■■■■■■■■□
Doing a WebEx thing with HP right now. TippingPoint looks sexy.