Posts Tagged ‘IPS’

Making next generation IDS a reality

SearchSecurity.com has profiled Endace on its Security Bytes blog. There are some good points there about the evolution of Intrusion Detection Systems, Intrusion Prevention, and the limitations of both, and how Endace is taking Intrusion Detection to the next level with its 100% packet capture technology and support for Suricata.

NSS IPS tests show average block rate only 57%

NSS Labs conducted a test of multiple IPS solutions from 7 well-known vendors in Q4, 2009. Their full report is available for purchase here (if you are interested in a copy of the full report, let us know as we’ve still got a limited number to give away and we’ve also negotiated a special deal for “friends of Endace”).

The NSS testing revealed issues with IPS performance that tally with our experience in the field, and which we felt were important for people to know about. So, with agreement from NSS, we’ve just released a graph (anonymised) from the NSS IPS testing. This showed that, even with tuned rule-sets, the average block-rate performance of the IPS solutions tested was just 57%.

To block or not to block?

Some interesting thoughts from Mike Chapple on the subject of IPS. Published on searchsecurity.com a little while ago, but still very relevant today IOHO.

….A little more than three years ago, I witnessed a pilot deployment of an intrusion prevention system (IPS) on a large academic network. The technology in question was a highly touted product from a top-tier vendor (one that’s still around today). The product came complete with tons of sales hype, promising to eliminate all network threats and allow security analysts to sleep soundly for the first time in years.