• United States
by nobody

Gigabit IDS test results

Nov 04, 20023 mins
Intrusion Detection SoftwareNetwork SecuritySecurity

Performance and Net Result data from our gigabit IDS tests.

Summary of Gigabit IDS performance

Our analysis was based on 28 attacks delivered in four tests — baseline tests with no traffic and tests at 970M bit/sec on untuned and tuned systems. If an IDS did not detect an attack in our baseline tests, the attack was not included in the tests conducted with a 970M bit/sec traffic load.
Detection results on untuned systems
Attacks detected at baseline, based on 28 attacks delivered Attacks detected at gigabit speeds, based on the number of attacks detected at baseline



Intrusion 11/28 4/11
IntruVert 24/28 21/24
ISS 16/28 16/16
Snort 16/28 6/16
Symantec 14/28 13/14
Detection results on tuned systems
Attacks detected at baseline, based on 28 attacks delivered Attacks detected at gigabit speeds, based on the number of attacks detected at baseline



Intrusion 15/28 14/15
IntruVert 28/28 27/28
ISS 25/28 25/25
Snort 18/28 8/18
Symantec 14/28 13/14
Dragon IDS Appliance Version 5.0.3; Dragon IDS Sensor Appliance


Company: Enterasys, (603) 332-9400, Price: $6,600 for Dragon IDS Server Appliance; $8,400 for Dragon IDS Sensor Appliance. Pros: Management is Web-based; quick installation. Cons: Lack-luster performance under load; nonintuitive processor included in management GUI; limited event details.  
SecureNet 7145C


Company: Intrusion, (972) 234-6400, Price: $17,000 for sensor appliance; $1,000 for Intrusion SecureNet Provider management. Pros: Well-designed management GUI; dual power for sensor and manager; good reporting. Cons: Lackluster per-formance under load; time-consuming policy update; drops and over-runs on SPAN port. 
IntruShield 4000, Version 1.1; IntruShield Manager, Version 1.1


Company: IntruVert Networks, (408) 434-8300, Price: $100,000 for Intru-Shield 4000 sensor appliance; $8,000 for IntruShield Manager. Pros: Very good per-former under load; well-designed and intuitive system; fully featured. Cons: Lenghty signature update process; Alert-Viewer sluggish under 100,000-alert payload; pricey.  
RealSecure Gigabit Network Sensor, Version 7.0; RealSecure Workgroup Manager, Version 6.6


Company: Internet Security Systems Price: $25,000 for RealSecure Gigabit Network Sensor; $2,000 for RealSecure Workgroup Manager; $5,000 for Maintenance for RealSecure Gigabit Network Sensor. Pros: Good performer under load; quick policy up-dates; quick attack det-ection on tuned system. Cons: No event acknow-ledgement; ISS must customize signatures.  
Snort on Acid


Company: Available via Price: Open source. Pros: Many configuration options; runs on a variety of platforms; free. Cons: Lengthy installation process; requires tech-nical expertise to set up and maintain.  
ManHunt II, Version 2.11


Company: Symantec Price: $50,000 for ManHunt with 1G bit/sec; $6,000 for Dell Power-Edge 2550 with gigabit support. Pros: Excellent coalescing feature; easy to install; straightforward management GUI. Cons: Cannot filter or match on display events; slow to accept some changes.  
Dragon IDS Suite SecureNet 7145C IntruShield 4000 RealSecure Snort ManHunt
Performance 45%  2 2 4 4 2 3
Management and administration 25%  3 4 4 4 2 3
Features 20%  3 3 5 3 2 4
Configuration 10%  3 3 5 3 3 3


2.6 2.8 4.3 3.7 2.1 3.2
Individual category scores are based on a scale of 1 to 5. Percentages are the weight given each category in determining the total score. Scoring Key: 5: Exceptional showing in this category. Defines the standard of excellence; 4: Very good showing. Although there may be room for improvement, this product was much better than the average; 3: Average showing in this category. Product was neither especially good nor exceptionally bad; 2: Below average. Lacked some features or lower performance than other products or than expected; 1: Consistently subpar, or lacking features being reviewed.

Back to main review: Gigabit intrustion-detection systems