RE: high speed nids

From: Mike Coliton (mcoliton@twmi.rr.com)
Date: 08/03/01


From: "Mike Coliton" <mcoliton@twmi.rr.com>
To: "Chris Deibler" <chris.deibler@vigilantminds.com>, <focus-ids@securityfocus.com>
Subject: RE: high speed nids
Date: Fri, 3 Aug 2001 17:00:59 -0400
Message-ID: <AKEHKFFIDEEOJGPKCBKFEEAFCDAA.mcoliton@twmi.rr.com>

NSW (now Enterasys) Dragon tested very well at gig speed, and is a very good
alternative.

-----Original Message-----
From: Chris Deibler [mailto:chris.deibler@vigilantminds.com]
Sent: Friday, August 03, 2001 1:19 PM
To: focus-ids@securityfocus.com
Subject: RE: high speed nids

A rumor shared by many. As it stands, the NetworkICE Gigabit Sentry
is the only realistic choice for giga-speed IDS, and ISS was shrewd to
purchase that ability. As far as the engine is concerned, the NI products
actually mirror the IP stack for decoding and detection, as opposed to
inserting shims into the stack, a technique used by many other IDS vendors.
Part of my company's offerings is the resale of NetworkICE (value added or
straight), and we have been continually impressed with the performance of
the engine. Doesn't match the sheer fun-factor of a rack of snort boxes,
but hey, what does?

Chris Deibler
VigilantMinds, Inc.

-----Original Message-----
From: Mike Johnson [mailto:mikej@opennms.org]
Sent: Friday, August 03, 2001 10:53 AM
To: focus-ids@securityfocus.com
Subject: Re: high speed nids

Chris Deibler [chris.deibler@vigilantminds.com] wrote:
> NetworkICE (now ISS property) has a gigabit-capable sentry offering.
> However, whether this product survives the consolidation is subject to
> conjecture. In any case, I suggest checking it out. I have considerable
> experience with their other sentries, and find them useful.

Rumor has it that this technology is the exact reason that ISS
bought NetworkICE. I'd be willing to bet that it'd survive
the buyout. That's not to say it won't morph into something else,
but ISS doesn't have any way of doing gigabit capable stuff
without either the expensive Toplayer stuff or the tech from
NetworkICE.

Mike

--
Mike Johnson -- mikej@opennms.org
OpenNMS -- http://www.opennms.org
--
Like many things in awk, the majority of the time things
work as you would expect them to work.  -- The GNU Awk User's Guide.
