New IPS test in Network World

The IPS test that David Newman and I did has just been published. It's a (if you don't mind me saying so) amazingly good performance test, and we also have some usability comments as well as completeness and correctness. The story package itself is quite large, but the starting point is at:

http://www.networkworld.com/reviews/2006/091106-ips-test.html

There's the big performance test with great graphs & tables, and:
- a video of the testing
- usability testing report on IPS consoles
- a discussion of how IPS devices fell down with part of our testing (SNMP is just a bit too exotic of a protocol, evidentally, and Cisco is just too exotic and unusual of a vendor)
- where we saw problems in the coverage of the IPSes
plus little "mini-reviews" of the 6 products participating.

You have to register to read on; my apologies, but if you want to just pretend to be me (there is no password) then feel free.

When a review like this comes out, the first 20 or 30 feedbacks we always get are "why didn't you include vendor <x>?" The answer in this case for any vendor <x> of significance (Sourcefire, Juniper, Cisco, ISS, the usual gang of tier 1 players) is "they didn't want to come play." You can read whatever you want into that, but you'll see our speculation on the issue in the discussion of coverage problems we saw.

jms

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One Phone: +1 520 324 0494
jms@xxxxxxxxx http://www.opus1.com/jms

------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more.
------------------------------------------------------------------------