Gigabit Intrusion Detection Systems Group Test (Edition 3)
Foreword
The NSS Group is pleased to present the results of its third Gigabit IDS Group Test which includes just two brand new products - a further three products failed our stringent testing requirements and thus do not appear in this report.
The NSS Gigabit IDS Group Test evaluates the performance, reliability, security effectiveness, and usability of Network IDS products. The test consists of seven sections within three primary areas: performance and reliability, security accuracy, and usability.
Overall, the suite contains over 700 individual tests, many of which are run multiple times, to provide the most thorough and complete evaluation of Network IDS products available anywhere today.
We believe that our test methodology will become the de facto standard for testing intrusion detection devices, and the NSS Approved logo an essential item on the list of requirements when purchasing these products.
We also believe that this report is essential reading for anyone considering deploying Intrusion Detection Systems in their networks, either in a test or live situation, and we hope that you find it both informative and useful in making your purchasing decisions. The Gigabit IDS Group Test (Edition 3) report can be viewed on-line at www.nss.co.uk/gigabitids.
Bob Walder
Table of Contents
INTRODUCTION
Host IDS (HIDS)
'Traditional' Host IDS (HIDS)
File Integrity Assessment (FIA)
Network IDS (NIDS)
Network Node IDS (NNIDS)
Intrusion Prevention Systems (IPS)
Host IPS (HIPS)
Network IPS (NIPS)
Gigabit IDS
Which Technology Is The Best
Problems with IDS
Detection Methods
Pattern Matching
Stateful Pattern Matching
Protocol Decode
Heuristic Analysis
Anomaly Analysis
Which Detection Method Is The Best
Monitor-Evaluate-Modify: The Security Cycle
Product Reviews
ISS Proventia A604
Executive Summary
Architecture
Intrusion Detection Appliance
Proventia Network Agent
SiteProtector
Deployment Manager
Application Server
Sensor Controller
Proventia Site Database
Event Collector
SiteProtector SecurityFusion Module
SiteProtector Console
Performance
Security Effectiveness
Usability
Installation
Configuration
Policy Management
Alert Handling
Reporting and Analysis
Verdict
Contact Details
Sourcefire IS3000 V4.0.2
Executive Summary
Architecture
Intrusion Sensor
Sourcefire Defense Centre
RNA Sensor
Performance
Security Effectiveness
Usability
Installation
Configuration
Policy Management
Alert Handling
Reporting and Analysis
RNA
Verdict
Contact Details
Summary
Gigabit IDS Performance Testing
The Test Environment
Section 1 - Detection Engine
Section 2 - Evasion
Section 3 - Stateful Operation
Section 4 - Detection Performance Under Load
Section 5 - Stability & Reliability
Section 6 - Management and Configuration
Test Results
Appendix B - The Test Equipment
Spirent Communications SmartBits SMB-6000/SMB-600
SmartBits Applications
Spirent Communications Avalanche and Reflector
Adtech-AX/4000
Cisco Catalyst 6500 Series Switches
Blade Software Informer Suite
Open Source Replay Tools