Review: IDS/IPS

This device is like a slightly stripped down version of a unified threat manager (UTM). The SecurityMetrics IDS/IPS not only includes IDS/IPS functionality, but it is also a vulnerability assessment tool and it can be configured to be a firewall and router. This appliance is also capable of protecting the network from viruses, pornography, backdoors, cross-site scripting attacks and many other threats.

This device was shipped almost entirely preconfigured specifically for our environment so set-up was a breeze. It took just a few minutes to plug it in, update it and look over the policy for any tweaking and we were good to go.

Once the appliance was up and running, we found the webGUI to be simple and intuitive to navigate. We also found policy configuration to be simple and quick.

While this appliance was easy to configure, it did not perform well during testing. The IDS part worked very well and identified all the attacks. However, the IPS failed to stop most of the attacks and the protected network was compromised quickly by our penetration tool. The IPS did manage to stop a few attacks, but it only takes one serious hole to have a serious problem.

Documentation for this product is insufficient at best. The installation guide is a simple three-page document that does an average job of describing installation, but it does not explain the deployment in any useful detail.

The rest of the documentation is built into the appliance as a simple help file. While this help file is well organised and easy to read, it lacks substantial detail and has no screenshots or diagrams.

SecurityMetrics does offer support free for the first year on hardware/software maintenance. The second year of support has a cost of US$999. The support area of the website offers a support contact, but that is all. Relative to virtually all other products we test in just about all categories, this is a very weak showing.

At a price of just under US$6,000 we thought this product would be a great value, but as an IPS it falls flat. However, the good news is it is a good IDS and it does have a built-in vulnerability assessment tool. In this case, value really depends on what you are looking for.

For: Great IDS appliance with built-in vulnerability assessment and available firewall and routing modules.
Against: IPS is not very effective at all, documentation needs improvement.
Verdict: A bargain-priced appliance that is missing a few important capabilities while adding a few non-standard ones; functionality could be aligned better with what is expected of an IPS/IDS.
