performance metrics for IPS systems?

From: p z (peterzulu_at_gmail.com)
Date: 01/08/05

    Date: Sat, 8 Jan 2005 01:10:54 -0500
    To: focus-ids@securityfocus.com
    
    

    Hi:

    I'm developing an RFP for an IPS system and am now on the section
    regarding performance metrics. We have a large distributed network
    with mostly GigE networks linked via VPNs over OC-192 pipes. The IPS
    systems would be used to protect the VPN end-points, as well as
    internal network segments (primarily the core.)

    I'm planning on demanding that the IPS systems perform at >225,000
    packets/second (100% of packets inspected) with <.5ms latency per
    packet. Is this reasonable for an IPS? We have a very busy network
    which can burst above 225,000pps. Should I look for an
    application-smart firewall or router instead?

    Here are some other questions:

    - What is the standard/acceptable frames/second I should expect of an IPS?
    - What is the acceptable/standard latency per packet for an IPS?
    - Are there other metrics I should be concerned about (like Mbps?
    reaction time? etc.)?
    - Does anyone use what they consider to be a high-performance IPS?
    What sorts of throughput and latency do you experience?

    Thanks!
    Peter
