Re: Help in evaluating Inline IDS/IPS solution

From: Stephen Samuel (
Date: 06/05/03

  • Next message: Markle, Scott: "RE: False Positives (Definitions White Paper)"
    Date: Thu, 05 Jun 2003 08:44:07 -0700
    To: Ravi <>,

    Ravi wrote:

    > From sensor technology perspective, I find that all the vendors
    > seems to be having
    > similar capabilities. But, I am trying to see the continued support
    > on new attacks
    > and vulnerabilities found.
    > One vendor claims that they have 5 dedicated analysts looking at
    > the vulnerabilities
    > and updating signatures (if needed). Another vendors claims that
    > they have more
    > than 20 analysts doing this job. Can this be considered in my eval?
    > Is it that other
    > vendor exaggerating the number of resources they have for this job.

    All things being equal, 20 analysts are likely to be better than 5.
    On the other hand, 5 really skilled analysts with a good support
    structure, tools and communication are going to do a better job than
    20 beginners with loose communications, low morale and other duties.

    If you can get a chance to actually talk to analysts from the two
    companies, you should be able to get a sense of what end of the
    quality scale the two groups are. That will make more sense of
    the quantitative analysis.

    Stephen Samuel +1(604)876-0426      
    Powerful committed communication, reaching through fear, uncertainty and
    doubt to touch the jewel within each person and bring it to life.
    IntruShield now offers unprecedented Intrusion IntelligenceTM capabilities 
    - including intrusion identification, relevancy, direction, impact and analysis 
    - enabling a path to prevention.
    Download the latest white paper "Intrusion Prevention: Myths, Challenges, and Requirements" at:

  • Next message: Markle, Scott: "RE: False Positives (Definitions White Paper)"