Intrusion Prevention requirements document

vendortrebuchet_at_comcast.net
Date: 10/28/05

  • Next message: Nick Black: "Re: RPC Evasion techniques"
    To: focus-ids@securityfocus.com
    Date: Fri, 28 Oct 2005 01:09:31 +0000
    
    

    All,

    I work on a team that manages signature and behavioral based intrusion detection systems today. We have been tasked with reviewing IPS (or whatever vendor name acronym you prefer) in '06. Our normal process is to put together a base requirements document to weed out vendors in the first round through a paper excercise and then bring in the best we can identify. My question is, has anyone developed a matrix that identifies key qualifiers in an IPS solution (e.g. in-line, fails open/closed, reporting features, etc.). If so, could you provide links or the documents?

    If not, what categories are most significant to consider in your expert opinions? What reasons did you choose the solution you have? What would you consider if you had to choose over again, etc?

    Thanks in advance for your responses.

    VT

    ------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it
    with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    ------------------------------------------------------------------------


  • Next message: Nick Black: "Re: RPC Evasion techniques"