performance metrics for IPS systems?

From: p z (peterzulu_at_gmail.com)
Date: 01/08/05

  • Next message: Brent Stackhouse: "Re: ForeScout ActiveScout"
    Date: Sat, 8 Jan 2005 01:10:54 -0500
    To: focus-ids@securityfocus.com
    
    

    Hi:

    I'm developing an RFP for an IPS system and am now on the section
    regarding performance metrics. We have a large distributed network
    with mostly gige networks linked via vpns over oc-192 pipes. The IPS
    systems would be used to protect the VPN end-points, as well as
    internal network segments (primarily the core.)

    I'm planning on demanding that the IPS systems perform at >225,000
    packets/second (100% of packets inspected) with <.5ms latency per
    packet. Is this reasonable for an IPS? We have a very busy network
    which can burst above 225,000pps. Should I look for an
    application-smart firewall or router instead?

    here are some other questions:

    - What is the standard/acceptable frames/second I should expect of an IPS?
    - What is the acceptable/standard latency per packet for an IPS?
    - Are there other metrics I should be concerned about (like mbps?
    reaction time? etc.)?
    - Does anyone use what they consider to be a high-performance IPS?
    what sorts of throughput and latency do you experience?

    Thanks!
    Peter

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------


  • Next message: Brent Stackhouse: "Re: ForeScout ActiveScout"