prevention

This IPS (the renamed UnityOne-50) is the baby of TippingPoint's range, able to support throughput of up to 50Mbps – but the firm has a full range of products, able to cope with throughput up to five gigabits. The TippingPoint 50 has dual Fast Ethernet ports, so it can work inline with a connection and a dedicated management port.

This might not be the most attractive appliance, with a bright green front, but its flexible architecture is likely to win it support. It is designed to sit internally or between the firewall and router and can support up to 100Mbps of network traffic. It comes with two Fast Ethernet ports and operates in-line with a network connection. There is also a dedicated management port.

XSGuard's C-Series is the easiest product to install. Just plug the internal side of your network into the marked Fast Ethernet port and the external side in the other marked port. Turn the box on and it connects to the XSGuard servers and starts filtering traffic at 100Mbps.

Documentation was also available on CD. The steps were laid out and neatly organized. Pictures of an actual installation were included for reference and there were even instructions for rack-mounting the IPS server. The content was easy to understand and did not assume a high level of expertise.

Two quick-reference cards were provided making it easy for operators to bypass all the major settings and quickly configure a running system. For those wishing to read in detail, the complete actual manual has over 300 pages distributed among 14 chapters. Compared to the other IPS products we tested, ISS's documentation appeared to be very thorough and complete.

Technical support was not required and a test call resulted in a satisfactory response.

There were no difficulties with the basic installation of the IPS. However, it did require third-party software and hardware, specifically, a Windows 2000 Server and Microsoft SQL2000. We see no problem with the option of using an external third-party database, but believe that all required software should be supplied.

We reluctantly rank the ISS Proventia at three stars due to its requirement for third-party software and an additional server. The ISS device is not the most expensive product we tested, but its value for money rating is impacted severely by the requirement for third-party software and hardware.

Produced by McAfee, and the only Host-based IPS (HIPS) tested, Entercept monitors events at the operating system or application server level. As it does not deal with network-based exploits, it is very complementary to existing solutions that deal with attacks on that level, such as firewalls and network-based IDS or IPS products. The latest version adds welcome new features such as a new licensing scheme, key backup capabilities, additional reports, OS lockdown and custom signatures, as well as numerous improvements "under the hood."

Based on standard and custom-designed processors, the NAI IntruShield system is a high-performance appliance that offers real-time network intrusion detection and prevention against known and unknown, denial-of-service (DoS) attacks for enterprise networks.

Proventia G Series is a new range of turnkey intrusion prevention appliances from ISS. They are designed to proactively block malicious attacks from entering the network, including denial-of-service (DoS), intrusions and malicious code, backdoors and hybrid threats like MS Blaster or SQL Slammer. Proventia G Series blocks attacks in real-time, minimizing the need for active administrator involvement in most security events.

The IDP-500 is a turnkey appliance-based system which uses as many as eight detection methods to detect malicious network traffic. This Intrusion Detection and Prevention (IDP) System is capable of operating in in-line mode as an Intrusion Prevention System (IPS) or as a passive Intrusion Detection System (IDS) attached to a span or mirror port on a switch.

Based on custom-designed high-speed security processors, the UnityOne network-based Intrusion Prevention Appliances (IPA) and Intrusion Prevention Systems (IPS) are designed to stop cyberattacks in the network before such attacks can infect, damage or destroy core IT assets.

Top Layer's Attack Mitigator IPS is actually a family of ASIC-based Network Intrusion Prevention Systems (NIPS), with blocking and control against certain types of cyber attacks. The product tested is the Attack Mitigator IPS 2400, a combination of multiple Attack Mitigator IPS 1000 and load-balancer units.

The Entercept system, now acquired by Network Associat-es, has in its latest version bought a major revision to how software runs in the enterprise.