Security Watch

Keeping track of patches and hacks in the IT security world.

IBM/McAfee IPS: You Can't Both Be the Fastest Ever

IBM put out a network IPS on May 22 with an inspection rate of 6G bps, which it calls "unsurpassed" performance. McAfee put out an IPS on May 22 that it says is the fastest network intrusion prevention system ever, its 10G-bps IntruShield M-Series platforms.

McAfee's faster at 10G bps, right? Well, when I asked, IBM said its new Proventia Network IPS GX6116 supports throughput of up to 15G bps (5 gigs over McAfee's IPS); it's the packet inspection rate that's "only" 6G bps.

OK, fair enough. That got McAfee really steamed. McAfee came back with this statement/tome:

  • IBM says it has 15G bps throughput while following it with the fact that you are only getting pre-emptive protection (code name for security) up to 6Gbps. What this means is that from 6G bps to 15G bps the appliance is essentially acting not as a network IPS but as the most expensive Gigabit Optical cable you could buy.
  • IntruShield is the ONLY network IPS in the world to hold the new Multi-Gigabit IPS certification from the NSS Group. You can't pass this NSS test unless you deliver performance + security and protection with no compromise. McAfee was the only one—out of 12 vendors—to pass this stringent test.
  • IBM's appliance is pushing traffic through with no real-time proactive intrusion prevention at that level of performance.
  • On PC-based IPS solutions like this (and most of the others out there), increased performance = less security. Once you're beyond 6Gbps (at most), you're in the 'less security' zone.
  • A 6Gbps IPS solution is a good achievement, however the IntruShield solution is completely different. IntruShield is the only network IPS that is purpose-built from the ground up to do nothing but network IPS. That means that whether you're deploying our 200M bps appliance or our new 10GigE/10Gbps appliance, you do not get a diminished or compromised level of security at the maximum throughput.
  • IntruShield is not a PC. It's an ASIC-based purpose-built solution and real-time operating system. It performs deep-packet inspection while parsing more than 120 different protocols, all in real-time. When we say 10Gbps, we mean 10Gbps and 100% security.

Don't you love marketing? If you've deployed an IPS and have thoughts on these performance tug-of-wars, or if your organization is one of those that need "real-time" packet inspection, I'd love to hear your take.