Dragon Claws its Way to the Top
Source: Network Computing - Posted by Dave Wreski   
Intrusion Detection This is a great (and lengthy) comparision of commercially available and freely available network intrusion detection devices. "To get a handle on the state of the IDS market, we decided to go back to school. Literally. We made the trip from our Neohapsis labs over to DePaul University in Chicago. There we set up the IDSnet and put 10 IDS products to the test . . . This is a great (and lengthy) comparision of commercially available and freely available network intrusion detection devices. "To get a handle on the state of the IDS market, we decided to go back to school. Literally. We made the trip from our Neohapsis labs over to DePaul University in Chicago. There we set up the IDSnet and put 10 IDS products to the test (see "How We Tested Intrusion-Detection Systems"): Computer Associate International's eTrust, Cisco Systems' Secure IDS, CyberSafe Corp.'s Centrax, Enterasys Networks' Dragon, Internet Security Systems' BlackICE (Network ICE was acquired by Internet Security Systems in April), ISS' RealSecure, Intrusion.com's SecureNet Pro, NFR Security's NFR Network Intrusion Detection System (we also looked at Anzen Computing's Flight Jacket, which was acquired by NFR in June), the open-source Snort and Symantec Corp.'s NetProwler (formerly Axent Technologies Inc.'s NetProwler; Symantec was acquired by Axent in December)."

DePaul's environment comprises about 10,000 nodes spread across greater Chicago. It's a typical university environment, with a variety of platforms, remote sites, research networks, residence-hall networks and an active student population. The school's network averages an Internet throughput of 30- to 38-Mbps, with traffic ranging from 5,000 to 7,000 pps (packets per second). This might not sound like the ultimate NIDS (network intrusion-detection system) thrasher, but within the first week of deployment DePaul's network whittled the NIDS field down to BlackICE, Dragon, Secure IDS and Snort. NFR's IDS dropped 2 million frames after the first 48 hours, and CA's eTrust told us we needed a processor about 4,000 times faster than our 700-MHz Pentium III box. The Bruisernet was kicking ass and taking names right from the get go.

Read this full article at Network Computing

Only registered users can write comments.
Please login or register.

Powered by AkoComment!