Focus on IDS
Re: Re: I love the smell of whining in the morning... Dec 09 2009 02:21PM
wickedpokah gmail com (2 replies)
RE: Re: I love the smell of whining in the morning... Dec 10 2009 05:52PM
Andrew Plato (andrew plato anitian com) (1 replies)
[Suspected Spam]RE: Re: I love the smell of whining in the morning... Dec 10 2009 10:15PM
Nelson Brito (nbrito sekure org) (1 replies)
RE: Re: I love the smell of whining in the morning... Dec 11 2009 12:18AM
Greg Shipley (gshipley neohapsis com)
Re: Re: I love the smell of whining in the morning... Dec 09 2009 03:48PM
Mark Teicher (mark teicher gmail com)
I am not quite sure I would agree with your statement regarding the
NSS is probably the best and most neutral IPS testing body.
The issue is what is the differentiating factors amongst IPS products,
marketing, functionality, speed. The approach should be the same as
aren't all products in the IPS space should understand how to detect a
simple exploit, understand what to do with it, and log accordingly.
Under various network conditions the ability to detect, block, log
mileage may vary. (no traffic, x traffic over y number of mbps, mix
and match of legit traffic with exploits). The value of the report is
ok, but the true value is what IPS companies will do to meet the
marketing literature that they present in front of customers. If the
test results do not match the marketing literature, what does an IPS
vendor do:
1. Send a note to the testing company not to include the test results
in the public report
2. Invest more money in the IPS product to address the shortcomings of
the product in order to meet marketing literature
3. Yell and scream and the product testing house, stating that the IPS
vendor quality assurance team or software engineers was not able to
reproduce the product testing house findings.
4. Inform the product testing house that their testing methodology is flawed,
5. Fire the marketing team
6. Re-shuffle executives
7. Get acquired

I do not view the findings as "well at least they beat Juniper", it
should be what investment is TP willing to make to address the
findings in the report and what other testing certification bodies are
they working with to ensure the findings in the NSS report are valid..
:)

cheers

/mht

On Wed, Dec 9, 2009 at 9:21 AM, <wickedpokah (at) gmail (dot) com [email concealed]> wrote:
> This is what TP is referring to:
>
> http://www.networkworld.com/news/2009/120709-ips-tests.html?hpg1=bn
>
> I have seen the full report and it is fair to say that TP did very poor compared to the competition.  This is really no surprise for those of us close to the industry who understand TP's heritage and approach.  exploit driven coverage with limited evasion capabilities wrapped around a pretty UI is a recipe for security by obscurity.  Well, at least they beat out Juniper :)
>
> Oh and NSS is probably the best and most neutral IPS testing body out there by far.  This particular report is 100% independent and extremely comprehensive (the best I've seen to date) and includes coverage, performance, Evasion, and various TCO rankings.  I *highly* recommend you obtain the report if you are interested and have the money to do so...
>
> -----------------------------------------------------------------
> Securing Your Online Data Transfer with SSL.
> A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
> http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a
17f194
>
>
>

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate on your web server, you can securely collect sensitive information online, and increase business by giving your customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a
17f194

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus