Sourcefire 3D IPS1000

5/1/2006
 

Product Information

Vendor:Sourcefire
Product:Sourcefire 3D IPS1000
Price:from $4,500 for IS1000; from $1,385 for RNA; from $20,200 for Defense Center

Product Rating

Features
Ease of Use
Performance
Documentation
Support
Value for Money
Overall Rating
For:Performs well under normal attack conditions and can work well as a layer of protection for average networks.
Against:If the sensor is compromised for any reason, the IPS system leaves the network vulnerable to attack.
Verdict:Not an IPS star: Sourcefire’s rating here does not take into account the suite’s full capabilities.

Related Group Test

The Sourcefire box does all the things an IPS should do. It fits comfortably in the category of an average IPS, although it must be remembered that the Sourcefire 3D Suite includes a ton of IDS, scanning, and vulnerability management capability which falls outside the context of this review. As an IPS, the box has no standout features, and nothing specifically separates it from other IPSs.

With the management interface geared around the suite as a whole, narrowing down IPS functionality was difficult. There is no defined procedure for setting policies or determining what types of policies are needed.

The configuration of the box itself involves a long navigation through a complicated web interface, and setting different policies and generating the reports we needed was time-consuming and became more difficult the further we progressed.

The box defended against normal scans and attacks, but we were able to compromise the sensor by launching a denial-ofservice attack and bypassing the IPS. With the sensor disabled, the computers on our target network became susceptible to attack by our testing tools. The console could flag up a dead sensor, but that of course will not protect the systems that are under attack.

The appliance comes with a CD that contains documentation and restore information. There are two manuals, one is an installation guide and the other is an administrator manual. But the documentation is very long, more than 900 pages, and is geared to operating the suite as a whole. If the manual is needed to answer specific configuration issues or questions, the search for information can be very time-consuming.

There is a lot of support offered from Sourcefire, including full telephone technical support as well as online help files and email support, as part of an online support site.

The product comprises three appliances: the IS 1000; the RNA; and the Defense Center. It is fairly pricey for its abilities but does require reasonably intensive deployment and management. But you would not buy it for the IPS – this is just one component of the whole suite, which is a much more attractive proposition.

 
 
 
 
Popular Tags
Analyst Reports & Industry Surveys Apple Threats Browser Flaws Consumer Threats Education Email Security Emerging Threats Finance Government Groundbreakers Insider Threats IT Security Training Lawbreakers & Cybercrime Microsoft Mobile Endpoint Security Non-Microsoft Patches Patch Management Patch Tuesday Phishing Privacy Regulation Product News Retail Spam Techniques Trojans Vulnerabilities & Flaws
Home | News | Newsletters | Products | Blogs | Buyers Guide | Jobs | Events | Subscribe | Contact Us | About Us | Advertising | Editorial | Subscribe to our RSS feeds RSS

This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.

Your use of this website constitutes acceptance of Haymarket Media's Privacy Policy and Terms & Conditions