Have you looked into Secure Computing's Sidewinder G2 Firewall?
On 12 Aug 2004 21:10:05 -0700, (Chris Calabrese) wrote:
>SmartDefense, Interspect, ISS RealSecure, and Snort all have very
>different points of view.
>
>SmartDefense is designed as a lightweight intrusion-prevention engine
>that can run in the firewall's spare-cycles. This is a good choice if
>you already have a CheckPoint firewall in the network location you
>want to protect. The other major players here would be Cisco and
>Netscreen/Juniper.
>
>Interspect is sort of like SmartDefense without the firewall part -
>intended to be used at major internal network boundaries. This is a
>good choice if you're a CheckPoint shop and want to extend your
>existing SmartDefense program to the internal network. The other major
>player here would be Netscreen/Juniper.
>
>The ISS stuff is designed for more general intrusion-prevention (i.e.,
>you can install it anywhere, not just at network boundaries). This is
>a good choice if you want intrusion-prevention that covers key
>networks rather than key network boundaries. Some other players here
>would be Tipping Point and Top Layer.
>
>Snort is for intrusion-detection, not intrusion-prevention. Though you
>can turn it into an at-the-network-boundary intrusion-prevention
>system with snort-inline or hogwash. This is a good choice if you want
>to spend less money and are willing to give up ease-of-setup and have
>the necessary skills and time to roll your own solution. Although,
>there is a commercial version available from Sourcefire that is sort
>of in between rolling your own and the full-on network-toaster
>approach of ISS and Checkpoint's Interspect.
>
>As for your direct questions:
>o I'm guessing that ISS and Snort cover more attacks than the CP
>products as a) SmartDefense is not designed for wide coverage, but
>rather for opportunistic coverage for free, and b) InterSpect just
>hasn't been around as long as the ISS stuff or Snort, though CP seems
>to be putting resources into it so I expect it won't lag by much or
>for long.
>o Don't know about speed, your best bet is to get a box in house and
>see if it handles your traffic loads.
>o Accuracy is probably related more to how you do tuning and the
>tradeoffs you're willing to make than it's related to the (relatively)
>minor differences in these different solutions. That said, the
>CheckPoints are probably going to have the lowest false-positives out
>of the box since they're coming from the firewall world where people
>get dinged for breaking things, rather than Snort and ISS which both
>have an Intrusion Detection heritage where false positives aren't
>considered as damaging as in the firewall world.
>o These solutions are all pretty reliable as all of them are
>essentially going to be Linux or *BSD running on an OEM'ed Dell box
>(even if you roll your own you're likely to come up with something
>pretty much along these lines).
>
>"jeff" <> wrote in message news:<EISQc.347385$ .cable.rogers.com>...
>> Hey everyone,
>>
>> I am doing some research on IDS for my company. I don't see too much info
>> about Smartdefense and Interspect on the net. Can someone post their
>> experience or test results?
>>
>> Here are some questions I have:
>> * Do ISS and Snort cover a much wider range of attacks than CP products?
>>
>> * Speed - Which of these products works well in a high-traffic environment?
>>
>> * Accuracy? - Which one is more accurate?
>>
>> * How reliable are these solutions?
>>
>> Thank you in advance, please feel free to put in other comments
>>
>> JEFF-R