September 3rd, 2007, 08:08 PM
Sourcefire vs Tipping Point IPS
Hi, I am wondering if anyone has done a comparison head to head with the Tipping Point and Sourcefire IPS systems inline on their network. We have demos from both vendors and know the basics like pricing, capabilities, and general operations. I am looking for more specific factors like speed tests/performance, what is going to do a more through job of blocking, what is going to do a better job of containing a virus or worm, and the like.
We are having a hard time deciding between the two and it seems like there are are a lot more people using the Tipping Point and Sourcefire references are harder to come by. I would also like to here any experiences from people that have Sourcefire inline IPS.
Thanks in advance.
September 5th, 2007, 09:18 PM
I cannot directly answer your question as I am not familiar with Sourcefire. I hope this information helps anyway
We have been using Tipping Point for a little over 2 years and am very satisfied with the performance. We have a 25MB Ethernet connection. I have one interface of our Tipping Point on the outside of our PIX firewall and another interface on the inside of our PIX, RAS, and VPN concentrator.
We do not see any performance issues and based on the reports I get daily it is blocking a LOT of bad stuff.
I do not have to call the support line very often but when I do the wait time is small and I would rate the level of support as OK to good.
It is hard to answer the question as to how effective it is as we have MANY layers of protection with the Tipping Point being just one.
As an example, our Tipping Point blocks between 300 and 400 Slammer Worm attempts daily.
We also use it to block a lot of spyware stuff like Hotbar and MyWay. We even use it to block a lot of IM and P2P traffic.
Hope this helps.
Work... Some days it's just not worth chewing through the restraints...
September 17th, 2007, 02:02 PM
don't know if this input will help, but...
We have both here and the analyst that monitors them says TP is easier to work with. I've only set up and used the SF box for a short time and found it to be clunky (slow interface) -- and that was on a very small (a dozen nodes) and under-used test-network. The documentation did not help at all and stops being useful after giving you the default root password. It appears to me that they want you to spend that $7,000 for their week long class on how to use it. I'm sorry, but having to shell out that kind of cash to learn how to use something that expensive to begin with, is nuts! Mind you, I didn't spend a lot of time on it, but could find no reporting or easy way to get basic information from it.
But, I will tell you that their service was great to work with; we had to "re-purpose" the box from one sensitive area to another and needed to swap the hard drive (destroying the old) -- and they did it for free and in a quick turn around time. I also know the folks at our main campus location (a large university) is using it -- so there must be something good about it.
hope this helps.
By zencoder in forum Firewall & Honeypot Discussions
Last Post: July 19th, 2005, 06:09 PM
By phishphreek in forum Wireless Security
Last Post: June 20th, 2005, 12:52 PM
By fraggin in forum General Computer Discussions
Last Post: January 17th, 2005, 11:13 PM
By Noble Hamlet in forum AntiOnline's General Chit Chat
Last Post: March 17th, 2002, 08:38 AM
By NetSyn in forum Site Feedback/Questions/Suggestions
Last Post: January 29th, 2002, 12:17 AM