AW: IPS - Cisco vs. McAfee vs. Tippingpoint
- From: "Daniel, Akos" <a.daniel@xxxxxxxxxxxxxx>
- Date: Tue, 11 Aug 2009 10:43:50 +0200
Hi,
That makes our life hard: for one question we have got ~12 solutions from different manufacturers. As I see it, it is not easy to choose 'the best solution'; there are too many good ideas from different manufacturers on the market, and the key benefits of a product differ for each unique customer/user.
I tried to collect all the products mentioned in this topic:
Sorry if not all correct and hopefully it will not be identified as spam :-)
Top Layer IPS
http://www.toplayer.com/content/products/intrusion_detection/attack_mitigator.jsp
Arbor Networks Peakflow CP and TM systems
http://www.arbornetworks.com/en/arbor-peakflow-ip-flow-based-technology.html
http://www.arbornetworks.com/peakflowsp
Cisco IPS 4200 Series Sensor
http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/index.html
Cisco Anomaly Detection and Mitigation Appliances
http://www.cisco.com/en/US/products/ps5879/Products_Sub_Category_Home.html
McAfee Network Security
http://www.mcafee.com/us/enterprise/products/network_security/network_security_platform.html
Fortinet
http://www.fortinet.com/products/fortiweb/
http://www.fortinet.com/products/fortigate/
Sourcefire
http://www.sourcefire.com
Snort
http://www.snort.org/
WebDefend
http://www.breach.com/products/webdefend.html
F5 BIG-IP
http://www.f5.com/products/big-ip/
BIG-IP Application Security Manager Module
http://www.f5.com/products/big-ip/product-modules/application-security-manager.html
Mazu (Riverbed acquired Mazu)
http://www.riverbed.com/products/cascade/
Riorey
http://www.riorey.com/
IBM ISS Proventia IPS
http://www-935.ibm.com/services/us/index.wss/offerfamily/iss/a1030570
Radware's DefensePro
http://www.radware.com/Products/ApplicationNetworkSecurity/DefensePro.aspx
Cheers,
Akos
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of C-Info
Sent: Thursday, July 30, 2009 22:01
To: 'Hurgel Bumpf'; focus-ids@xxxxxxxxxxxxxxxxx
Subject: RE: IPS - Cisco vs. McAfee vs. Tippingpoint
A few years ago I worked on a project with a large ISP regarding DDoS
mitigation. What we found was that it was nearly impossible to mitigate a
serious DDoS attack from the customer end. Usually the pipe to the customer
from the ISP was totally full of attack traffic - so trying to stop this at
the customer site was simply not possible.
You really need to work with the ISP and ensure that they have some
mechanism (we used Peakflow SP and another product) to help stop the flow of
traffic upstream of your connection to the internet.
Although these features are nice on customer premise devices - they only
work on smaller attacks that do not flood the customer's internet connection.
Curt
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
Behalf Of Hurgel Bumpf
Sent: Thursday, July 30, 2009 3:44 AM
To: focus-ids@xxxxxxxxxxxxxxxxx; Gary Halleen
Subject: Re: IPS - Cisco vs. McAfee vs. Tippingpoint
Hi Gary,
Thank you for your valuable input.
Indeed, my main focus is on protecting our systems from (D)DOS attacks. I
start to like the Peakflow product more and more.
Thank you all for pointing that out!
Andre
--- Gary Halleen <ghalleen@xxxxxxxxx> wrote on Wed, 29.7.2009:
From: Gary Halleen <ghalleen@xxxxxxxxx>
Subject: Re: IPS - Cisco vs. McAfee vs. Tippingpoint
To: "Hurgel Bumpf" <l0rd_lunatic@xxxxxxxxx>, focus-ids@xxxxxxxxxxxxxxxxx
Date: Wednesday, 29 July 2009, 15:07
Hurgel,
While I think you'll be happy with the features and performance of Cisco's IPS (especially if you are using 7.0 software, which comes with Reputation Filtering and Global Correlation capabilities), you should keep in mind that an IPS is not always the best solution for DDoS protection.
Depending on the type and severity of the DDoS attack, the IPS may provide what you are looking for, especially if you configure it to block or rate-limit on an upstream device, like a router, switch, or firewall.
You may also want to take a look at Arbor's Peakflow products, as well as Cisco's Guard/Detector products. Both of these are designed with DDoS protection as primary features. They also are typically deployed both at the customer's site, as well as upstream, so that DDoS traffic is never eating up your bandwidth to the Internet once an attack is detected.
Gary
On 7/29/09 5:25 AM, "Hurgel Bumpf" <l0rd_lunatic@xxxxxxxxx> wrote:
Hi List,
I need to protect a "realtime" website with an inline IPS from (D)DOS attacks.
I had some bad experience with Tippingpoint UnityOne 2400 field test. The device dropped too many sessions until all connectivity was lost.
After that no investigation was possible as TP logs all attack information with IP address 0.0.0.0
The vendor excused this with the layered technology (and passing the IP address from the hardware to the logger would lead to delayed packages)
This is unacceptable.
I'm now looking forward to test a Cisco IPS 4270-20 and a McAfee Network Security 4050 appliance.
Who has a good/bad experience with those devices? Is it true that all devices don't log IP addresses?
My dream appliance would be able to run like in a 7 day learning mode which counts max new sessions per second, max sessions per client aso. After this 7 days it creates a filter with +x% of the learned values and sets these limits active.
A big problem is that I have to install it into the productive system to get the real values. I don't have any fixed values regarding the new sessions per second and I can't just guess and set values and render the system offline.
All information is highly appreciated!
Thank you very much for your time,
Andre
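The learning mode described in the message above (count the peak new sessions per second and peak sessions per client over a learning window, then activate limits at the learned values plus x%), sketched as an added example that is not part of the original thread and not any vendor's implementation. The record format, function names and sample data are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed learning-window records: (epoch_second, client_ip, "open"|"close").
LEARNING = [
    (100, "192.0.2.1", "open"), (100, "192.0.2.2", "open"), (100, "192.0.2.3", "open"),
    (101, "192.0.2.1", "open"), (101, "192.0.2.4", "open"),
    (102, "192.0.2.1", "close"), (102, "192.0.2.2", "close"),
    (103, "192.0.2.1", "open"), (103, "192.0.2.2", "open"),
    (103, "192.0.2.3", "open"), (103, "192.0.2.4", "open"),
]

def learn_peaks(events):
    """Peak new sessions in any one second and peak concurrent sessions per client."""
    per_second, active, peak_client = Counter(), defaultdict(int), 0
    for ts, ip, kind in sorted(events, key=lambda e: e[0]):  # stable: ties keep order
        if kind == "open":
            per_second[ts] += 1
            active[ip] += 1
            peak_client = max(peak_client, active[ip])
        elif active[ip] > 0:
            active[ip] -= 1
    return max(per_second.values(), default=0), peak_client

def with_headroom(peak, pct):
    """Learned peak plus pct percent, rounded up (integer math, no float drift)."""
    return (peak * (100 + pct) + 99) // 100

def derive_limits(events, headroom_pct):
    """Turn the learned peaks into the limits that get activated after learning."""
    rate, per_client = learn_peaks(events)
    return {"new_per_sec": with_headroom(rate, headroom_pct),
            "per_client": with_headroom(per_client, headroom_pct)}

def replay(events, limits):
    """Return (ts, ip, reason) for every session open the limits would refuse."""
    per_second, active, refused = Counter(), defaultdict(int), []
    for ts, ip, kind in sorted(events, key=lambda e: e[0]):
        if kind != "open":
            active[ip] = max(0, active[ip] - 1)
        elif active[ip] + 1 > limits["per_client"]:
            refused.append((ts, ip, "per_client"))
        elif per_second[ts] + 1 > limits["new_per_sec"]:
            refused.append((ts, ip, "new_per_sec"))
        else:  # only accepted sessions count toward the running totals
            per_second[ts] += 1
            active[ip] += 1
    return refused
```

Replaying the learning window itself against the derived limits is a quick check that normal traffic passes; any attack traffic present during learning is baked into the limits.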
-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194