Sourcefire vs Tipping Point IPS
Hi, I am wondering if anyone has done a comparison head to head with the Tipping Point and Sourcefire IPS systems inline on their network. We have demos from both vendors and know the basics like pricing, capabilities, and general operations. I am looking for more specific factors like speed tests/performance, what is going to do a more thorough job of blocking, what is going to do a better job of containing a virus or worm, and the like.
We are having a hard time deciding between the two, and it seems like there are a lot more people using the Tipping Point and Sourcefire references are harder to come by. I would also like to hear any experiences from people that have Sourcefire inline IPS.
Thanks in advance.
Don't know if this input will help, but...
We have both here and the analyst that monitors them says TP is easier to work with. I've only set up and used the SF box for a short time and found it to be clunky (slow interface) -- and that was on a very small (a dozen nodes) and under-used test-network. The documentation did not help at all and stops being useful after giving you the default root password. It appears to me that they want you to spend that $7,000 for their week-long class on how to use it. I'm sorry, but having to shell out that kind of cash to learn how to use something that expensive to begin with is nuts! Mind you, I didn't spend a lot of time on it, but could find no reporting or easy way to get basic information from it.
But, I will tell you that their service was great to work with; we had to "re-purpose" the box from one sensitive area to another and needed to swap the hard drive (destroying the old) -- and they did it for free and in a quick turnaround time. I also know the folks at our main campus location (a large university) are using it -- so there must be something good about it.
Hope this helps.