Summary of Gigabit IDS performance

Our analysis was based on 28 attacks delivered in four tests — baseline tests with no traffic and tests at 970M bit/sec on untuned and tuned systems. If an IDS did not detect an attack in our baseline tests, the attack was not included in the tests conducted with a 970M bit/sec traffic load.
Detection results on untuned systems

| Product | Attacks detected at baseline, based on 28 attacks delivered | Attacks detected at gigabit speeds, based on the number of attacks detected at baseline |
|---|---|---|
| Enterasys | 16/28 | 3/16 |
| Intrusion | 11/28 | 4/11 |
| IntruVert | 24/28 | 21/24 |
| ISS | 16/28 | 16/16 |
| Snort | 16/28 | 6/16 |
| Symantec | 14/28 | 13/14 |

Detection results on tuned systems
Attacks detected at baseline, based on 28 attacks delivered
Attacks detected at gigabit speeds, based on the number of attacks detected at baseline
Dragon IDS Appliance Version 5.0.3; Dragon IDS Sensor Appliance
2.6 Rating
Company: Enterasys, (603) 332-9400. Price: $6,600 for Dragon IDS Server Appliance; $8,400 for Dragon IDS Sensor Appliance. Pros: Management is Web-based; quick installation. Cons: Lackluster performance under load; nonintuitive processor included in management GUI; limited event details.
SecureNet 7145C
2.8 Rating
Company: Intrusion, (972) 234-6400. Price: $17,000 for sensor appliance; $1,000 for Intrusion SecureNet Provider management. Pros: Well-designed management GUI; dual power for sensor and manager; good reporting. Cons: Lackluster performance under load; time-consuming policy update; drops and overruns on SPAN port.
IntruShield 4000, Version 1.1; IntruShield Manager, Version 1.1
4.3 Rating
Company: IntruVert Networks, (408) 434-8300. Price: $100,000 for IntruShield 4000 sensor appliance; $8,000 for IntruShield Manager. Pros: Very good performer under load; well-designed and intuitive system; fully featured. Cons: Lengthy signature update process; Alert-Viewer sluggish under 100,000-alert payload; pricey.
RealSecure Gigabit Network Sensor, Version 7.0; RealSecure Workgroup Manager, Version 6.6
3.7 Rating
Company: Internet Security Systems. Price: $25,000 for RealSecure Gigabit Network Sensor; $2,000 for RealSecure Workgroup Manager; $5,000 for Maintenance for RealSecure Gigabit Network Sensor. Pros: Good performer under load; quick policy updates; quick attack detection on tuned system. Cons: No event acknowledgement; ISS must customize signatures.
Snort on Acid
2.1 Rating
Company: Available via www.snort.org. Price: Open source. Pros: Many configuration options; runs on a variety of platforms; free. Cons: Lengthy installation process; requires technical expertise to set up and maintain.
ManHunt II, Version 2.11
3.2 Rating
Company: Symantec. Price: $50,000 for ManHunt with 1G bit/sec; $6,000 for Dell PowerEdge 2550 with gigabit support. Pros: Excellent coalescing feature; easy to install; straightforward management GUI. Cons: Cannot filter or match on display events; slow to accept some changes.
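
| Category (weight) | Dragon IDS Suite | SecureNet 7145C | IntruShield 4000 | RealSecure | Snort | ManHunt |
|---|---|---|---|---|---|---|
| Performance 45% | 2 | 2 | 4 | 4 | 2 | 3 |
| Management and administration 25% | 3 | 4 | 4 | 4 | 2 | 3 |
| Features 20% | 3 | 3 | 5 | 3 | 2 | 4 |
| Configuration 10% | 3 | 3 | 5 | 3 | 3 | 3 |
| TOTAL SCORE | 2.6 | 2.8 | 4.3 | 3.7 | 2.1 | 3.2 |
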
Individual category scores are based on a scale of 1 to 5. Percentages are the weight given each category in determining the total score.

Scoring Key:
5: Exceptional showing in this category. Defines the standard of excellence.
4: Very good showing. Although there may be room for improvement, this product was much better than the average.
3: Average showing in this category. Product was neither especially good nor exceptionally bad.
2: Below average. Lacked some features or lower performance than other products or than expected.
1: Consistently subpar, or lacking features being reviewed.