CISSP CPE6: NSS Labs - Consistency in Security Effectiveness
length: 01:00:00
Webinar with Sourcefire regarding the NSS IPS group test
2012
Dave Stuart, Marketing, Sourcefire
Bob Walder, Chief Research Officer, NSS Labs
Jason Brvenik, VP, Security Strategy, Sourcefire
NSS: security research and analysis company; subscription gives unlimited access to in-depth tests..
Provides information that businesses need to be secure.
Independent! NOT vendor founded!
Why perform test?
NSS is the only one with in-house testing facilities..
Right size not the same as throughput...
Effective protection?
Idea to see how devices perform in the real world
The bad guys are always one step ahead.. the good guys are always playing catch-up..
% detection?
Protect better S2C or C2S?
Which application more covered?
6.2 IPS methodology
The methodology has been revised: largest and most comprehensive test ever..
1500 live exploits & evasions (this is just a subset of the thousands of exploits) - not traffic replay
300 new exploits, 75 new evasions
Connection dynamics & their real-world impact
All new management criteria & analysis - important point
All new device stability testing (extensive fuzzing test, leaking...)
3 year TCO & value calculation (not only the purchase price, sensor, mgt, support, signature updates, man hours)
Effective security of the device.
Performance of the device.
If a vendor performs consistently year after year, it means that vendor has kept on improving the product!!!
We talk to customers about which products they want to see..
The test is quite challenging - not all vendors are willing to participate.
Does this product meet my needs?
Protect assets? Performance? scale?
What is the true TCO?
Do claims match reality?
What questions should I ask? Why is the catch rate so low? Will sessions ramp up?
Giving much more data to potential buyers
Comparative analysis report:
Product improvement / maintained / degraded?
Should upgrade to the latest version?
Should consider another solution?
Are critical assets protected?
Which vendors are consistent? Which vendors shine brightly for a brief year then fade...
Security value map:
Quadrant   Security   Value   Rating
Q1         +          +       recommended
Q2         -          +       neutral
Q3         -          -       caution
Q4         +          -       neutral
Sourcefire:
Buying a security product is not like buying a car... it requires consistently improving performance & effectiveness.
Security evolves: larger attack surface & new attack vectors
4 key k
Protection
Real world IPS throughput
Concurrent connections
TCO
Sourcefire NSS 2012 results:
98.9% overall protection NSS result!
99% C2S
98% S2C
100% resistance to evasion
No attack leakage
the best overall protection of any vendor to date...
170% rated performance..
Designed to perform, scalability, protection
Sourcefire                  8260      8250      8120
----------------------------------------------------
Protection                  98.9%     98.9%     98.9%
Real world IPS throughput   34Gbps    17Gbps    3.4Gbps
Concurrent connections      60M       30M       15M
TCO/Mbps                    $15       $19       $34
These are pretty impressive, awesome results.
Rating well beyond what it was rated
We don't believe that you have to make a choice between security & performance
We believe if you make the investment you can achieve what you need.
Testing not completed in 2012...
8250 15Gbps
8260 34Gbps
8270 51Gbps* - three stack - does not require external device
8290 64Gbps* - four stack - does not require external device
- fail-safe mode, no need for external tap / bypass kit.
Sourcefire - creator of Snort... ClamAV, Razorback
Omar's question:
Can vendors somehow cheat the tests? (like making more aggressive signatures but might cause false positives?)
This happens.. but NSS will detect cheaters...