• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

IPS solutions

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Firewalls // Intrusion Detection - External Security

View previous topic :: View next topic  
Author Message
tcfls2
Just Arrived
Just Arrived


Joined: 05 Oct 2010
Posts: 0


Offline

PostPosted: Tue Oct 05, 2010 10:28 pm    Post subject: IPS solutions Reply with quote

I work for a company and we are looking at IPS solutions. Is there any certain ones that you use and if so have you had positive results? There are a few we have looked at such as Palo Alto and Tipping Point. We like that Palo Alto has the firewall and VPN capabilities, but are worried it may affect the efficiency of the IPS. We are a big company with multiple campuses. Thank you for any input that you may have on this.
Back to top
View user's profile Send private message
Sgt_B
Trusted SF Member
Trusted SF Member


Joined: 28 Oct 2002
Posts: 16777215
Location: Chicago, IL US

Offline

PostPosted: Tue Oct 05, 2010 10:56 pm    Post subject: Reply with quote

I've never worked with Tipping Point personally, but I do hear good things from people. I'd personally recommend Sourcefire http://www.sourcefire.com/. Its a great system and has been around for years. They have a number of appliances to meet whatever speeds your environment requires. (Most IPS vendors have that so its not a huge selling point Wink)

I'd be wary of the all-in-one devices. I my experience, they're not as good as the folks who dedicate their resources to making an IDS/IPS product.

If you're stuck deciding between two vendors, I'd call your sales rep at each company and have them demo their products. After the bake-off you'll probably be in a position to make a much more informed decision.
Back to top
View user's profile Send private message Visit poster's website
tcfls2
Just Arrived
Just Arrived


Joined: 05 Oct 2010
Posts: 0


Offline

PostPosted: Tue Oct 05, 2010 11:06 pm    Post subject: Reply with quote

We have had a demo of both products and will also have a demo of Nitro Security. They have both looked pretty good so far, I guess that is why I wanted some real world experiances, because they always talk like they are the best and can do it all. I will check into sourcefire also. Thank you for your quick response and help.
Back to top
View user's profile Send private message
Sgt_B
Trusted SF Member
Trusted SF Member


Joined: 28 Oct 2002
Posts: 16777215
Location: Chicago, IL US

Offline

PostPosted: Wed Oct 06, 2010 8:46 pm    Post subject: Reply with quote

Yeah I personally like the demos as it gives me the opportunity to ask tough questions to see if their product really does what they say it does. The one that fits the bill is the one I go with.

For a real experience attestation, I'd really recommend Sourcefire. If budget is a major concern you can even use Snort (Sourcefire is based on Snort btw). Snort is incredible, but can be a little daunting if you've never touched IDS or IPS before. If you're savvy I'd even go so far as to recommend you go with Snort, and if you really like it you can proceed with the commercial route and get Sourcefire appliances and utilize their enterprise management solutions.
Back to top
View user's profile Send private message Visit poster's website
tcfls2
Just Arrived
Just Arrived


Joined: 05 Oct 2010
Posts: 0


Offline

PostPosted: Thu Oct 07, 2010 6:01 pm    Post subject: Reply with quote

Thank you very much for all of your help. I really appreciate it.
Back to top
View user's profile Send private message
abrahamj
Just Arrived
Just Arrived


Joined: 28 Feb 2010
Posts: 0


Offline

PostPosted: Thu Dec 02, 2010 7:39 am    Post subject: Reply with quote

You try the ax3soft sax2, visit http://www.Ids-sax2.com and download sax2 to help you.
Back to top
View user's profile Send private message Send e-mail
krugger
SF Mod
SF Mod


Joined: 08 Jun 2006
Posts: 16777209


Offline

PostPosted: Thu Dec 02, 2010 6:15 pm    Post subject: Reply with quote

Hope you have the manpower to go through the thousands of false positives you will be getting every single day.
Back to top
View user's profile Send private message
alt.don
SF Boss
SF Boss


Joined: 04 Mar 2003
Posts: 16777079


Offline

PostPosted: Thu Dec 02, 2010 11:00 pm    Post subject: Reply with quote

I have been dealing with IDS's and IPS's for years now and have also evaluated several of them prior to their going commercial. The whole thousands of false/positives if overstated. The appliances are only as good as the person administering them. You can't just drop these things into your network and expect optimal results. There is some work to be done.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Firewalls // Intrusion Detection - External Security All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register