Cisco vs Tipping point

Unanswered Question
Apr 19th, 2009
User Badges:

Hi All,

We have a customer who want us to do a head to head comparison between Cisco IPS and TP. I went through the cisco competitive guide but didn't find out much technical info in it. I also found an old mirecom report(2005)comparing IPS 4255 to TP but not much convincing and old doucment.

Can someone please advise what are the main technical advantages over tipping point; the customer wants IPS to secure the permieter so I wanted to propose IPS 4240, any hints?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
rhermes Mon, 04/20/2009 - 14:13
User Badges:
  • Gold, 750 points or more

Tipping Point has fewer abilities for packet capture (called logging in Cisco-speak) while Cisco can capture a defined number of packets past the evnt, Tipping Point only can capture the packet that caused the event. This means that if you plan on providing analysis of your security events, you will not be able to tell if an attack detected on a Tipping Point IPS was sucessful. Tipping point does a much better job of looking at asymetrical traffic (one side of the session). Cisco has the option, but it doesn't work very well and last summer actually increased the CPU on a 4270.

I'd say get a Tipping Point if you want to set it and forget it, and get a Cisco if you are really investigating your events.


This Discussion