Skip Links

Network World

  • Social Web 
  • Email 
  • Close

Gigabit IDS test results

By nobody , Network World , 11/04/2002
  • Share/Email
  • Comment
  • Print
Summary of Gigabit IDS performance
Our analysis was based on 28 attacks delivered in four tests — baseline tests with no traffic and tests at 970M bit/sec on untuned and tuned systems. If an IDS did not detect an attack in our baseline tests, the attack was not included in the tests conducted with a 970M bit/sec traffic load.
Detection results on untuned systems
Attacks detected at baseline, based on 28 attacks delivered Attacks detected at gigabit speeds, based on the number of attacks detected at baseline
Enterasys
 		16/28
 		3/16
Intrusion 11/28 4/11
IntruVert 24/28 21/24
ISS 16/28 16/16
Snort 16/28 6/16
Symantec 14/28 13/14
Detection results on tuned systems
Attacks detected at baseline, based on 28 attacks delivered Attacks detected at gigabit speeds, based on the number of attacks detected at baseline
Enterasys
 		17/28
 		8/17
Intrusion 15/28 14/15
IntruVert 28/28 27/28
ISS 25/28 25/25
Snort 18/28 8/18
Symantec 14/28 13/14
Click to see:


Dragon IDS Appliance Version 5.0.3; Dragon IDS Sensor Appliance
2.6
Rating 		Company: Enterasys, (603) 332-9400, Price: $6,600 for Dragon IDS Server Appliance; $8,400 for Dragon IDS Sensor Appliance. Pros: Management is Web-based; quick installation. Cons: Lack-luster performance under load; nonintuitive processor included in management GUI; limited event details.  
SecureNet 7145C
2.8
Rating 		Company: Intrusion, (972) 234-6400, Price: $17,000 for sensor appliance; $1,000 for Intrusion SecureNet Provider management. Pros: Well-designed management GUI; dual power for sensor and manager; good reporting. Cons: Lackluster per-formance under load; time-consuming policy update; drops and over-runs on SPAN port.  
IntruShield 4000, Version 1.1; IntruShield Manager, Version 1.1
4.3
Rating 		Company: IntruVert Networks, (408) 434-8300, Price: $100,000 for Intru-Shield 4000 sensor appliance; $8,000 for IntruShield Manager. Pros: Very good per-former under load; well-designed and intuitive system; fully featured. Cons: Lenghty signature update process; Alert-Viewer sluggish under 100,000-alert payload; pricey.  
RealSecure Gigabit Network Sensor, Version 7.0; RealSecure Workgroup Manager, Version 6.6
3.7
Rating 		Company: Internet Security Systems Price: $25,000 for RealSecure Gigabit Network Sensor; $2,000 for RealSecure Workgroup Manager; $5,000 for Maintenance for RealSecure Gigabit Network Sensor. Pros: Good performer under load; quick policy up-dates; quick attack det-ection on tuned system. Cons: No event acknow-ledgement; ISS must customize signatures.  
Snort on Acid
2.1
Rating 		Company: Available via www.snort.org Price: Open source. Pros: Many configuration options; runs on a variety of platforms; free. Cons: Lengthy installation process; requires tech-nical expertise to set up and maintain.  
ManHunt II, Version 2.11
3.2
Rating 		Company: Symantec Price: $50,000 for ManHunt with 1G bit/sec; $6,000 for Dell Power-Edge 2550 with gigabit support. Pros: Excellent coalescing feature; easy to install; straightforward management GUI. Cons: Cannot filter or match on display events; slow to accept some changes.  
Dragon IDS Suite SecureNet 7145C IntruShield 4000
RealSecure
Snort
ManHunt
Performance 45%  2 2 4 4 2 3
Management and administration 25%  3 4 4 4 2 3
Features 20%  3 3 5 3 2 4
Configuration 10%  3 3 5 3 3 3
TOTAL SCORE
2.6 2.8 4.3 3.7 2.1 3.2
Individual category scores are based on a scale of 1 to 5. Percentages are the weight given each category in determining the total score. Scoring Key: 5: Exceptional showing in this category. Defines the standard of excellence; 4: Very good showing. Although there may be room for improvement, this product was much better than the average; 3: Average showing in this category. Product was neither especially good nor exceptionally bad; 2: Below average. Lacked some features or lower performance than other products or than expected; 1: Consistently subpar, or lacking features being reviewed.
Click to see:


Back to main review: Gigabit intrustion-detection systems

  • Share/Email
  • Comment
  • Print
Partner Content

Brilliantly simple security and control solutions for email, web and endpoint

www.sophos.com

Stopping data leakage

Learn how to exploit your current security investment to control the information that flows into, through and out of your network.

Download the white paper.

Why detection rates aren't enough

Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.

Download the white paper.

Applications: taking back control

Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.

Learn more today.

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed

Whitepapers

Stock Spam: A Classic Scam

Ever since there have been stocks and shares there have been so called "pump 'n' dump" scams. This...

Spyware: Know Your Enemy

Like Macavity, the fictional feline in T. S. Eliot's well-known poem, spyware may be considered to...

The Online Shadow Economy: A Billion Dollar Market For Malware Authors