pilot_16
August 28, 1998
Intrusion Detection Pilot Program Guide
13
q
Product can process network traffic at a rate which is acceptable to you with all of the
attack signatures active.
q
Products performance scales well with the number of attack signatures and filters active.
Increasing the number of predefined or custom signatures does not significantly impact the
performance of the system.
q
Product handles traffic bursts gracefully, switching to sampling mode until the traffic
levels return to a consistent level.
q
Product engines function adequately on an Intel-based system with a 266 MHz. Pentium
processor and minimum 64MB RAM or a SPARC-based Ultra 2 system with 64MB
RAM. Although it will with 64MB RAM 128 MB RAM is recommended
Architecture
q Products architecture adapts well to higher network speeds and switched network
topologies.
q Products architecture allow the attack recognition and response modules to be integrated
into other network devices, such as firewalls and switches.
q
Products architecture allows for the use of off-the-shelf components, significantly
reducing the cost of a Product deployment.
Product Updates, Technical Support, and Industry Research
q
Vendor updates its attack signature database at least six times per year and often more
frequently.
q
Vendor notifies you automatically through e-mail about the availability of new signatures.
q
Vendor makes new attack signatures available for download from its web site to current
customers.
q
Vendor provides technical support via telephone, e-mail, and fax to you 8 am to 6 pm
Monday through Friday, with 24-hour technical support available to those that require it.
q
Vendor provides major product updates at least three times per year.
q
Vendor notifies you automatically through e-mail about the availability of new product
updates.
q
Vendor makes new product updates available for download from its web site to current
customers.
q Vendor supports a research and development team for compiling and understanding new
attack signatures and new system vulnerabilities.
q Vendor notifies the industry about newly discovered attack signatures and system
vulnerabilities periodically through an e-mail service.