Re: IPS in the Enterprise UTM Firewall testing results



this is really a great report and i am sure lot of effort has gone
into this. catch rates and perforamance is really caught my eye.

Catch rates are really disappointing across the board except for ISS.
i do understand that client attack detection is new, but even the
server side catch rates are awfully low. i understand that these are
expensive boxes. i did not see any vendor responses on low catch rate
and performace.

is this due to technology limitation or is it that devices tested are
not up to mark?

Ravi

On 14 Nov 2007 15:28:18 -0000, jms@xxxxxxxxx <jms@xxxxxxxxx> wrote:
After months and months and months in the lab, a huge UTM test I did for Network World is now available (for free, folks, for free) on their web site. I apologize in advance if you have to click 800 times to read the whole 19,000 words, but here goes:


Main story starting point:

http://www.networkworld.com/reviews/2007/111207-utm-firewall-test.html


Just the discussion of IPS in the UTM firewall/enterprise space:

http://www.networkworld.com/reviews/2007/111207-utm-firewall-test-ips.html


Chart on catch rates based on Mu-4000 testing:

http://www.networkworld.com/reviews/2007/111207ips.html


If you're not sure that enterprise should even be running IPS in their firewalls, you can click on the link below for a header page which has further links with some discussion on the pros and cons of that issue:

http://www.networkworld.com/buyersguides/guide.php?cat=865480


Enjoy or not, as you see fit.


jms


--

Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719

Senior Partner, Opus One Phone: +1 520 324 0494

jms@xxxxxxxxx http://www.opus1.com/jms


------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------



------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
to learn more.
------------------------------------------------------------------------