The Value of ICSA Labs Network IPS Testing

Jack Walsh, ICSA Labs, Panel Moderator

Panelists:
Dr. Terence Liu, BroadWeb Corporation
Chris Simmons, Fortinet Inc.
Benny Benegal, IBM Internet Security Systems
Brian Smith, TippingPoint, a division of 3Com

2/7/07 – Session Code: DEF-202

Agenda

• Background on ICSA Labs & Network IPS Testing program
• Questions for the panel
• Audience questions for the panel

Background on ICSA Labs

• Founded in 1989
• Security industry’s central authority for certification testing
    — Testing products and solutions since 1991
• Vendor neutral
• ISO 9001:2000 Certified
• Test security products from technologies that include:
    — Anti-Virus, Firewall, IPsec VPN, SSL VPN, Anti-Spyware, and Web Application Firewall products

Network IPS Testing - History

• First Round
    — Began late 2005
    — Ended June 2006
• Since then
    — Network IPS testing is ongoing against all candidate devices
    — New vendors have submitted products for testing
    — Aperiodic Testing
        • Largely because of Vulnerability Set updates
• Certified products must maintain certification

ICSA Labs Network IPS Certified

• Four Vendors have certified Network IPS devices
    — BroadWeb’s NetKeeper 3256P
    — Fortinet’s FortiGate Multi-Layered Security Systems (13 models)
    — IBM Internet Security Systems’ Proventia G400 Network IPS
    — TippingPoint’s TippingPoint 5000E

Network IPS Testing - Key Characteristics

• Real Background traffic
• Test vulnerabilities relevant to enterprise end users
• Includes DoS testing
• Independent, Objective & Pass/Fail
• Test critical capabilities simultaneously
• Continuous Deployment – aperiodic testing
• Testing Program – provides assurance to enterprise users

Panel Question #1

• Some organizations already have host or network based IDS, SIMS, Network analysis tools, and other security management systems in place. What considerations must be made for a network IPS to fit into an organization's current environment?

Panel Question #2

• When end user organizations evaluate a Network IPS, should they do more than test what attacks it can block? If so, why? If not, why not?

Panel Question #3

• What are some common pitfalls for end users to avoid when evaluating Network IPS devices?

Panel Question #4

• Businesses may be reluctant to enable not just attack detection but also attack prevention due to vendor trust issues and the fear of breaking legitimate applications. How can such businesses gain more confidence that Network IPS devices will not adversely affect legitimate network traffic?

Panel Question #5

• Describe your experience with ICSA Labs' Network IPS certification testing.

Panel Question #6

• What did you find different about ICSA Labs Network IPS certification testing as compared to other third-party testing programs?

Panel Question #7

• Given the rapidly evolving nature of threats, does ICSA Labs certification testing quantify clearly enough the types of protections that must be provided to have value in the marketplace?

Panel Question #8

• What recommendations would you make to end users or other Network IPS vendors about ICSA Labs Network IPS certification testing?