Best IDS/IPS by SC Magazine
A post on the Snort-users mailing list took me to the “best intrusion detection/prevention solution” competition at SC Magazine. First, is it actually a competition? Deciding something by voting is what I call an election.
Leaving that aside, two things strike me.
First, what are the criteria for deciding what is best? Best as protection against security incidents, best looking, easiest to administer or the least pricey? Do the voters have something to compare with? The results would most likely point to “the most used”, not “the best in terms of protection”. When the results of the “competition” are presented and Snort is the winner, then I consider myself right :)
Secondly, how have the nominees been decided? Among the nominees I see a product that only does wireless (AirDefense), a product that only looks at the host (CA HIPS), a UTM product (Fortinet), an NBAD product (Lancope), and finally, but also the most striking: an IPS as a managed service (Verisign). Hell, on what criteria have they decided upon these vendors/products? And where are their competitors such as Juniper, TopLayer, and why not Bro, and where are all the SIEM solutions?
NSS has the closest thing to a good evaluation standard for IDS/IPS systems. Not perfect though, but I hope people look, and pay, for those reports instead of making decisions on the results of crappy “competitions”.
