Re: Intrusion Prevention

From: Randy Taylor <gnu(at)charm.net>
Date: Mon Dec 23 2002 - 23:02:16 EST

Thanks Dave and Steve. That info just what I needed and right on time.

I will be beginning evals of IntruVert soon, with NetScreen IDP to follow. For functionality ("speeds and feeds") criteria, I am relying heavily on OSEC, because the Neohapsis crew knows their stuff and nothing is hidden - all the details are there in the criteria. IntruVert has been through OSEC - I haven't seen a date for NetScreen set yet, so I'll be holding off their eval until they've been through that process.

I'm looking at IntruVert for my project's Gig pipes, and NetScreen's IDP for the sub-Gig pipes. I can't justify IntruVert's cost for anything under Gig speeds yet.

Beyond that, I am looking for feedback on "human factors" issues, such as scalability (ok that's a cross between technical and human), manageability, ease-of-use, forensics capability, sensor/analyst ratios, etc. for both IntruVert and NetScreen IDP. Folks out there using either of these products, please feel free to email me directly with your experiences with them in the real work world. I'd really appreciate your input.

Best regards and happy holidays to all,

Randy

---

"Go ahead and quit. We'll just hire dumber people to replace you." -- Demetri Fanourgiakis, Security VP, Enterasys Networks, Summer 2002. Yeah, this is the guy that replaced Ron Gula. You may now boggle. ---

At 12:52 PM 12/23/2002 -0700, Dave Mitchell wrote:
>I personally recommend the Netscreen IDP. It uses flow based packet
Received on Tue Dec 24 12:05:05 2002