Saturday, 16 January 2010

IPS (Intrusion Prevention System) Comparison

A network intrusion prevention system can detect and block attacks and can act as a patched shield for an information system.

The network IPS market, which was considered the IDS (intrusion detection system) market several years ago, continues to mature and evolve.

Most vendors in the market issue vulnerability-facing IPS signatures within 24 hours of a patch release, which is habitually faster than an enterprise's ability to patch its systems before it is too late. For this reason IPS signatures never really go away, and the ability of IPS boxes to maintain wire speed with a large signature database or list is critical.

I am considering IPS products on the basis of true IPS features, which are as follows:

Perform packet normalization and inspection, as in Cisco, where the normalization engine collects fragments of TCP packets and assembles them prior to inspection

Wire-speed performance when running in inline mode, without causing a performance bottleneck

Can perform multiple actions upon data packet streams, such as anomaly analysis, signature analysis, scanning and behaviour analysis

Not only reset abnormal sessions but also drop them

Rate-limiting capability and QoS to some extent (optional)
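To show why the first criterion, normalization before inspection, matters, here is an added example (not part of the original post and not any vendor's engine). It compares signature matching on individual TCP segments with matching on the reassembled stream. The marker string, the sample flow and all function names are constructed for illustration, and the overlap policy is a simplification.

```python
# Constructed sample flow: a harmless marker stands in for an IPS signature.
SIGNATURE = b"TEST-SIGNATURE-STRING"  # hypothetical signature
STREAM = b"GET /a?q=TEST-SIGNATURE-STRING HTTP/1.1\r\n"

# (relative sequence number, payload) pairs as a sensor might receive them:
# out of order, with overlapping bytes and a retransmitted duplicate.
SEGMENTS = [
    (20, STREAM[20:]),
    (0, STREAM[:14]),
    (10, STREAM[10:20]),
    (10, STREAM[10:20]),
]


def reassemble(segments):
    """Rebuild the contiguous byte stream from (seq, payload) pairs."""
    stream = bytearray()
    for seq, data in sorted(segments, key=lambda s: s[0]):
        if seq > len(stream):
            break  # gap: bytes are missing, inspect only what is contiguous
        # Keep bytes already held and append only the new tail (simplified
        # overlap policy; duplicates and contained segments add nothing).
        stream += data[len(stream) - seq:]
    return bytes(stream)


def per_packet_match(segments, signature):
    """Inspection without normalization: each segment is checked alone."""
    return any(signature in data for _, data in segments)


def stream_match(segments, signature):
    """Inspection after normalization: check the reassembled stream."""
    return signature in reassemble(segments)


if __name__ == "__main__":
    print("per-packet match:", per_packet_match(SEGMENTS, SIGNATURE))
    print("stream match:    ", stream_match(SEGMENTS, SIGNATURE))
```
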

Here we go with the comparison; I am not going to be prejudiced during my comparison.

Check Point Software

A well-established security company, well known for its firewall products. Its IPS-1 Sensor appliances range in price from $7,000 to $115,000 and in in-line performance from 50 Mbps to 2000 Mbps.


IPS-1 can be considered by customers that are already running Check Point devices or already have a relationship with the vendor, or because of SmartDefense (which provides intrusion prevention capabilities that are integrated into Check Point products; SmartDefense also helps to minimize threats by providing defences that can be used before vendor-supplied patches become available or are fully installed throughout a network).

Check Point is committed to adding more resources to IPS R&D to produce a better and more advanced product in the market in the next couple of years.

The appliance operating system is the same as the one used in Check Point firewalls, and it is fast and powerful.

In April 2009 Check Point purchased Nokia Security Appliances, which can give it a good future path in the IPS appliance market.


IPS-1 cannot work with other Check Point appliances in a single SmartCenter console.

Check Point's strategy for IPS is unclear.

IPS-1 deployments across the globe are limited.

Cisco Systems

Cisco has different flavours of IPS, ranging from a stand-alone appliance to the IDS Services Module switch blade. Cisco has also introduced an add-in hardware module for ASA series firewalls and a software-based IPS within IOS-based routers. After the acquisitions of IronPort in mid-2007 and Protego Networks, Cisco now has email, web and behaviour analysis products that can be used with its IPS products.


Cisco offers a wide range of intrusion prevention choices.

Cisco has global support and a broad geographic hold.

Cisco has recently introduced the free IPS Manager Express, which can monitor up to 5 devices.

The risk rating feature can be adjusted based upon alert factors.

Cisco is one of the top 5 vendors according to market share in 2008.


The Cisco IPS Device Manager console is not as good as those of the leading IPS products (SM-MARS can address some shortcomings, but it is an expensive option).

The risk rating feature needs an experienced administrator to tune it.

Although Cisco has made a lot of improvement in signature quality during the last 12 months, it is still an issue.

Juniper Networks

Juniper has a good history in security products, based on the NetScreen acquisition in 2002. Its Intrusion Prevention (IDP) appliance has four models running on the Linux kernel. IPS is also available in the ISG firewall and SRX. The current challenge for Juniper is to migrate all products using ScreenOS and Linux to JUNOS.


It is one of the top 5 vendors according to market share in 2008.

Satisfied customers and outstanding post-sales support.

Juniper IDP supports the highest number of virtual IPS instances.

The Juniper console and NSM are considered competitive.


During the past couple of years IDP has had less visibility in the market, because Juniper has made advances in different fields, basically focused on competing with Cisco.

The JUNOS operating system needs to maintain a low rate of vulnerabilities on all products.

JUNOS doesn't have reputable feeds with web security gateways and email security.

McAfee IntruShield

McAfee is a well-known security brand that has made considerable investment in hardware security products. The IntruShield product was recently renamed McAfee Network Security Platform. However, McAfee has recently acquired Secure Computing.


High throughput, making it an ideal product for enterprise networks.

Preferred product for companies already running McAfee security products like ePO and NAC.

One of the top 5 vendors in the market producing IPS appliances.


Well known due to its host-based security products.

The acquisition of Secure Computing may divert some resources.

...................... To be continued


  1. Nice effort but missing loads of information

  2. What do you mean by this comment?

  3. McAfee Intrushield is one of the best out there right now and used by the larger enterprises that need Gig+ connectivity.....

  4. I believe ... Tipping point .... is the top of the list

  5. I like it very well. Thanks for sharing this important information in this post. Intrusion Protection