OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Gigabit IDS solutions
From: Robert Graham (robert_david_grahamYAHOO.COM)
Date: Thu Nov 16 2000 - 20:42:54 CST

>From: Dragos Ruiu
>Whoa.... I really would rather stay out of the 3-4 way
>quasi-mudslinging going on with this thread but I have
>been biting my tongue for so long now it's starting to hurt :-).
>...
>I believe, and will outline in detail
>shortly that pathological synthetic traffic sequences exist that the
>current systems can't even deal with at a 100Mbps rate, nevermind
>gigabit...

Sorry. I hope you can understand that Ron, Elliot, and myself are developers
more than marketing people. We aren't trying to give the Company Message,
but are instead talking some nifty kinks we put into our technology. I've
learned things listening to how other describe their products. In other
words, it really isn't meant for customers.

Take for example GigE. I can craft traffic such that my product captures a
full 1-Gbps, but you can probably craft special traffic that even at 10-Mbps
our product bogs down. (I can overload one of our competitors with a
carefully crafted stream as low as 1-Mbps, though that is abnormal). Neither
of these extremes is wholly accurate, though both can be interesting in
their own way. Speed is one of those hanging chad issues of IDS.

In any event, raw speed is one of those alpha-male things, but is immaterial
for most customers. The one and only test is putting the boxes on your own
network and seeing how they perform. Network ICE is based upon
protocol-analysis, which means that we have a high degree of sensitivity to
the nature of the traffic and we see wide swings in real-world performance
from customer to customer.

Robert Graham
CTO/Network ICE

_________________________________________________________
Do You Yahoo!?
Get your free yahoo.com address at http://mail.yahoo.com