Readers vote on the best intrusion prevention/detection products, including network-based intrusion detection and prevention appliances, using signature-, behavior-, anomaly- and rate-based detection.
In this part:
Readers gave Sourcefire’s IPS the highest ratings for intrusion detection and prevention. Readers noted the product works accurately and effectively, with solid alerting and reporting features. When asked about return on investment, readers felt Sourcefire IPS gives them a good return for their money.
Sourcefire IPS has its roots in Snort, an open source intrusion detection and prevention tool created by the founders of Sourcefire. The product itself is not open source (our readers evaluated the commercial version of Sourcefire’s IPS), but it can receive alerts from Snort for customers who already have Snort installed. Sourcefire IPS sensors operate in either inline or passive mode.
Sourcefire IPS provides intrusion detection and blocking, dashboard and reporting, policy management and Snort rule editing. It is backed by Sourcefire’s Vulnerability Research Team (VRT), which aims to proactively discover and respond to various attacks and intrusion activities. The VRT uses this information to populate the official Snort rules.
Sourcefire IPS is one component in Sourcefire’s 3D System, an integrated suite that also includes optional endpoint protection, SSL inspection and antimalware.
Expert's market reflection:
"The market for IPS is growing quickly due to the convergence of IPS appliances with firewalls and other products. While standalone IPS devices will still be needed in some situations, we expect to see a blurring of IPS, firewalls and next-gen firewalls, and UTMs in the next two years."
— Jeff Wilson, principle analyst, Infonetics Research
HP TippingPoint Intrusion Prevention SystemHP
The HP TippingPoint Intrusion Prevention System series won the silver with high marks from readers for its effectiveness and accuracy in detecting and preventing attacks. They also liked its frequent signature updates and response to new threats. The HP TippingPoint Intrusion Prevention System provides real-time network packet inspection of network traffic. It includes the HP Tipping Point Reputation Digital Vaccine Service and Web Application Digital Vaccine Service. Its Threat Suppression Engine (TSE) is able to check thousands of packets simultaneously for deep packet inspection capacity. It also supports customer-defined IP DNS reputation entries, location-based policies, and customer-developed filters.
McAfee Network Security PlatformMcAfee
The bronze winner, the McAfee Network Security Platform, employs many attack detection methods including application and protocol anomaly, signature, and shell-code detection algorithms. It utilizes McAfee Labs’ database of threat and vulnerability information, as well as McAfee Global Threat Intelligence (GTI) cloud-based threat intelligence service. According to readers, McAfee Network Security Platform does a good job detecting and preventing attacks and responding to new attacks. Readers also praised it ease of installation and administration.