IPS solutions

Networking/Security Forums -> Firewalls // Intrusion Detection - External Security

Author: tcfls2 PostPosted: Tue Oct 05, 2010 10:28 pm    Post subject: IPS solutions
    ----
I work for a company and we are looking at IPS solutions. Is there any certain ones that you use and if so have you had positive results? There are a few we have looked at such as Palo Alto and Tipping Point. We like that Palo Alto has the firewall and VPN capabilities, but are worried it may affect the efficiency of the IPS. We are a big company with multiple campuses. Thank you for any input that you may have on this.

Author: Sgt_BLocation: Chicago, IL US PostPosted: Tue Oct 05, 2010 10:56 pm    Post subject:
    ----
I've never worked with Tipping Point personally, but I do hear good things from people. I'd personally recommend Sourcefire http://www.sourcefire.com/. Its a great system and has been around for years. They have a number of appliances to meet whatever speeds your environment requires. (Most IPS vendors have that so its not a huge selling point Wink)

I'd be wary of the all-in-one devices. I my experience, they're not as good as the folks who dedicate their resources to making an IDS/IPS product.

If you're stuck deciding between two vendors, I'd call your sales rep at each company and have them demo their products. After the bake-off you'll probably be in a position to make a much more informed decision.

Author: tcfls2 PostPosted: Tue Oct 05, 2010 11:06 pm    Post subject:
    ----
We have had a demo of both products and will also have a demo of Nitro Security. They have both looked pretty good so far, I guess that is why I wanted some real world experiances, because they always talk like they are the best and can do it all. I will check into sourcefire also. Thank you for your quick response and help.

Author: Sgt_BLocation: Chicago, IL US PostPosted: Wed Oct 06, 2010 8:46 pm    Post subject:
    ----
Yeah I personally like the demos as it gives me the opportunity to ask tough questions to see if their product really does what they say it does. The one that fits the bill is the one I go with.

For a real experience attestation, I'd really recommend Sourcefire. If budget is a major concern you can even use Snort (Sourcefire is based on Snort btw). Snort is incredible, but can be a little daunting if you've never touched IDS or IPS before. If you're savvy I'd even go so far as to recommend you go with Snort, and if you really like it you can proceed with the commercial route and get Sourcefire appliances and utilize their enterprise management solutions.

Author: tcfls2 PostPosted: Thu Oct 07, 2010 6:01 pm    Post subject:
    ----
Thank you very much for all of your help. I really appreciate it.

Author: abrahamj PostPosted: Thu Dec 02, 2010 7:39 am    Post subject:
    ----
You try the ax3soft sax2, visit http://www.Ids-sax2.com and download sax2 to help you.

Author: krugger PostPosted: Thu Dec 02, 2010 6:15 pm    Post subject:
    ----
Hope you have the manpower to go through the thousands of false positives you will be getting every single day.

Author: alt.don PostPosted: Thu Dec 02, 2010 11:00 pm    Post subject:
    ----
I have been dealing with IDS's and IPS's for years now and have also evaluated several of them prior to their going commercial. The whole thousands of false/positives if overstated. The appliances are only as good as the person administering them. You can't just drop these things into your network and expect optimal results. There is some work to be done.



Networking/Security Forums -> Firewalls // Intrusion Detection - External Security


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group