Gigabit Intrusion Detection Systems Group Test (Edition 3)

Foreword

The NSS Group is pleased to present the results of its third Gigabit IDS Group Test which includes just two brand new products - a further three products failed our stringent testing requirements and thus do not appear in this report.

The NSS Gigabit IDS Group Test evaluates the performance, reliability, security effectiveness, and usability of Network IDS products. The test consists of seven sections within three primary areas: performance and reliability, security accuracy, and usability. Overall, the suite contains over 700 individual tests, many of which are run multiple times, to provide the most thorough and complete evaluation of Network IDS products available anywhere today.

We believe that our test methodology will become the de facto standard for testing intrusion detection devices, and the NSS Approved logo an essential item on the list of requirements when purchasing these products.

We also believe that this report is essential reading for anyone considering deploying Intrusion Detection Systems in their networks, either in a test or live situation, and we hope that you find it both informative and useful in making your purchasing decisions.

The Gigabit IDS Group Test (Edition 3) report can be viewed on-line at www.nss.co.uk/gigabitids.

Bob Walder

Table of Contents

INTRODUCTION
    Host IDS (HIDS)
        'Traditional' Host IDS (HIDS)
        File Integrity Assessment (FIA)
    Network IDS (NIDS)
    Network Node IDS (NNIDS)
    Intrusion Prevention Systems (IPS)
        Host IPS (HIPS)
        Network IPS (NIPS)
    Gigabit IDS
    Which Technology Is The Best
    Problems with IDS
    Detection Methods
        Pattern Matching
        Stateful Pattern Matching
        Protocol Decode
        Heuristic Analysis
        Anomaly Analysis
        Which Detection Method Is The Best
    Monitor-Evaluate-Modify: The Security Cycle
Product Reviews
    ISS Proventia A604
        Executive Summary
        Architecture
            Intrusion Detection Appliance
            Proventia Network Agent
            SiteProtector
            Deployment Manager
            Application Server
            Sensor Controller
            Proventia Site Database
            Event Collector
            SiteProtector SecurityFusion Module
            SiteProtector Console
        Performance
        Security Effectiveness
        Usability
            Installation
            Configuration
            Policy Management
            Alert Handling
            Reporting and Analysis
        Verdict
        Contact Details
    Sourcefire IS3000 V4.0.2
        Executive Summary
        Architecture
            Intrusion Sensor
            Sourcefire Defense Centre
            RNA Sensor
        Performance
        Security Effectiveness
        Usability
            Installation
            Configuration
            Policy Management
            Alert Handling
            Reporting and Analysis
            RNA
        Verdict
        Contact Details
Summary
Gigabit IDS Performance Testing
    The Test Environment
    Section 1 - Detection Engine
    Section 2 - Evasion
    Section 3 - Stateful Operation
    Section 4 - Detection Performance Under Load
    Section 5 - Stability & Reliability
    Section 6 - Management and Configuration
Test Results
Appendix B - The Test Equipment
    Spirent Communications SmartBits SMB-6000/SMB-600
    SmartBits Applications
    Spirent Communications Avalanche and Reflector
    Adtech-AX/4000
    Cisco Catalyst 6500 Series Switches
    Blade Software Informer Suite
    Open Source Replay Tools