Checkpoint SmartDefense & interspect vs ISS Realsecure vs Snort - Firewalls


  1. Checkpoint SmartDefense & interspect vs ISS Realsecure vs Snort

    Hey everyone,

    I am doing some research on IDS for my company. I don't see too much info
    about SmartDefense and Interspect on the net. Can someone post their
    experience or test results?

    Here are some questions I have:
    * Do ISS and Snort cover a much wider range of attacks than CP products?

    * Speed - Which of these products works well in a high-traffic environment?

    * Accuracy - Which one is more accurate?

    * How reliable are these solutions?

    Thank you in advance, please feel free to put in other comments

    JEFF-R



  2. Re: Checkpoint SmartDefense & interspect vs ISS Realsecure vs Snort

    jeff is alleged to have said in comp.security.firewalls:

    > Hey everyone,
    >
    > I am doing some research on IDS for my company. I don't see too much info
    > about SmartDefense and Interspect on the net. Can someone post their
    > experience or test results?
    >
    > Here are some questions I have:
    > * Do ISS and Snort cover a much wider range of attacks than CP products?


    Yes, but in different ways. For example, Snort doesn't pick up on certain
    invalid/out of state TCP packets the way SD does. I use both in combination
    to get a more complete picture of network traffic. Also, if you're looking
    at SD, you should look at Interspect as well. It's a hybrid IDS/IPS based
    on SD, but with some extra goodies.

    > * Speed - Which of these products works well in a high-traffic environment?


    I've pumped several hundred MBit/p/sec through a lowish-end SPLAT based
    firewall (P3 800/512 meg ram) with all SD features turned on.

    > * Accuracy - Which one is more accurate?


    See my first answer. They're different products with different focuses. It's
    like asking which is more purple, an orange or a peach?

    > * How reliable are these solutions?


    I find Snort and SD both to be very reliable. I haven't messed with ISS, so
    color my answers appropriately.


    --
    Recursion: n. See Recursion.
