Subject: Re: Gigabit IDS solutions
From: Robert Graham (robert_david_grahamYAHOO.COM)
Date: Wed Nov 15 2000 - 13:34:48 CST


--- Ron Gula <rgulaNETWORK-DEFENSE.COM> wrote:
> At 10:37 AM 11/14/00 -0800, "Teicher, Mark" wrote:
> "GigaSentry is at least 10 times the price of standard Sentry."
> This is interesting since most NetworkICE folks I heard at the
> CSI show were touting a 300 Mb/s performance rate. I don't understand
> why someone would pay 10x price for 3x the performance.

1. It appears to be only about 8 times the price; we've apparently raised the
price on the base Sentry that I was unaware of. (I'm not really in touch with
the sales end of things).

2. We generally sell it on the basis of per-Gbps link monitored, regardless of
the number of boxes it takes.

3. YMMV (your-mileage-may-vary). We believe that the average customer will
certainly achieve 300-mbps in the Real World with a single box, but in labs
with ideal traffic it does a full 1-gbps. Some customers will certainly get
above 300-mbps in the Real World, but you can't count on it.

4. In any event, NIDS is CPU bound: double the speed of the CPU and you double
the traffic rate. We often tell customers to think in terms of 4-Hz/bps, which
means that we essentially need 4-GHz worth of CPU power to monitor a 1-Gbps
link, which should be available next summer.

> >Easy to configure
> >Easy to deploy
> >Easy to manage
> ...lots of debates on this...

I agree with Ron. Each customer has different needs. While things like speed
and number of signatures are important, a customer needs to be concerned with
how effective the IDS will be in practice. However, "in practice" is highly
debatable and not objective: it changes from customer to customer.

For example, Network ICE focuses on long term data retention for tracking
serious adversaries, but this makes it less effective for customers whose
traditional practice is to clear the database every week.

> >Vendor's name and product name doesn't change name every 6 or 8 months.
>
> Not sure what you are concerned about here or how this affects the
> quality of a product.

I disagree with Mark, too. Larger companies criticize the dynamic nature of
smaller companies, but I find this is often a sign of health. They live or die
by their responsiveness, which often shows up as changes. I actually find it
much more of a problem with large companies. Rather than focusing on their
strengths, they move off into new directions, abandoning customers and
partners. I know of one large company who sold an IDS, then withdrew it from
the marketplace, then created a new IDS, and then again withdrew it from the
marketplace. During this time, their company name, product name, logo, and
tagline never wavered.

=====
Robert Graham
Personal: http://www.robertgraham.com Work: CTO Network ICE
