Documentation was also available on CD. The steps were laid out and neatly organized. Pictures of an actual installation were included for reference and there were even instructions for rack-mounting the IPS server. The content was easy to understand and did not assume a high level of expertise.
Two quick-reference cards were provided, making it easy for operators to bypass all the major settings and quickly configure a running system. For those wishing to read in detail, the complete manual has over 300 pages distributed among 14 chapters. Compared to the other IPS products we tested, ISS's documentation appeared to be very thorough and complete.
Technical support was not required and a test call resulted in a satisfactory response.
There were no difficulties with the basic installation of the IPS. However, it did require third-party software and hardware, specifically, a Windows 2000 Server and Microsoft SQL2000. We see no problem with the option of using an external third-party database, but believe that all required software should be supplied.
We reluctantly rank the ISS Proventia at three stars due to its requirement for third-party software and an additional server. The ISS device is not the most expensive product we tested, but its value for money rating is impacted severely by the requirement for third-party software and hardware.
Produced by McAfee, and the only Host-based IPS (HIPS) tested, Entercept monitors events at the operating system or application server level. As it does not deal with network-based exploits, it is very complementary to existing solutions that deal with attacks on that level, such as firewalls and network-based IDS or IPS products. The latest version adds welcome new features such as a new licensing scheme, key backup capabilities, additional reports, OS lockdown and custom signatures, as well as numerous improvements "under the hood."
Based on standard and custom-designed processors, the NAI IntruShield system is a high-performance appliance that offers real-time network intrusion detection and prevention against known, unknown and denial-of-service (DoS) attacks for enterprise networks.
Proventia G Series is a new range of turnkey intrusion prevention appliances from ISS. They are designed to proactively block malicious attacks from entering the network, including denial-of-service (DoS), intrusions and malicious code, backdoors and hybrid threats like MS Blaster or SQL Slammer. Proventia G Series blocks attacks in real-time, minimizing the need for active administrator involvement in most security events.
The IDP-500 is a turnkey appliance-based system which uses as many as eight detection methods to detect malicious network traffic. This Intrusion Detection and Prevention (IDP) System is capable of operating in in-line mode as an Intrusion Prevention System (IPS) or as a passive Intrusion Detection System (IDS) attached to a span or mirror port on a switch.
Based on custom-designed high-speed security processors, the UnityOne network-based Intrusion Prevention Appliances (IPA) and Intrusion Prevention Systems (IPS) are designed to stop cyberattacks in the network before such attacks can infect, damage or destroy core IT assets.
Top Layer's Attack Mitigator IPS is actually a family of ASIC-based Network Intrusion Prevention Systems (NIPS), with blocking and control against certain types of cyber attacks. The product tested is the Attack Mitigator IPS 2400, a combination of multiple Attack Mitigator IPS 1000 and load-balancer units.
Accomplished hackers will always perform some sort of reconnaissance on a target network before mounting an attack - finding out details such as operating system types, application versions, etc. The idea behind ActiveScout is that if the application can detect this activity it can later prevent it. Bogus host or port data traffic is marked, and the application responds to any future activity it thinks is coming from an attacker with such marked data. It then blocks the packets and stops any damage ever occurring.
Top Layer Networks' Attack Mitigator lies at the traditional end of intrusion prevention. It aims to defend against both internal and external hackers using denial-of-service (DoS) and distributed denial-of-service (DDoS), as well as giving broad protection against other well-known attacks. This is done using a mixture of stateful inspection hardware and packet inspection software.