Feature

Intrusion Prevention: Lucid Security's ipAngel 4.0

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Best-of-breed: Security Products of the Year: 2006."

Download it now to read this article plus other related content.

ipAngel 4.0
Lucid Security

Price: $2,495 to $57,995

 

    Requires Free Membership to View

Lucid Security's ipAngel 4.0

Lucid Security integrates intrusion prevention, vulnerability assessment, port scanning and firewalling in ipAngel.

Lucid Security's ipAngel goes far beyond standard IPS fare, integrating intrusion prevention, vulnerability assessment, port scanning and firewalling in a single box.

Beyond the value of an integrated security appliance, the combination of capabilities in the newest ipAngel release (4.0) reduces false alarms, issuing alerts only against vulnerable machines.

For example, a Windows Server 2000 exploit is irrelevant if the port scan discovery shows only Windows 2003 Server devices on your network, or the vulnerability scanner shows that your 2000 boxes are patched.

ipAngel is capable of stopping a wide array of attacks. It is supported by LucidWatch, Lucid's expert security team, which researches the latest vulnerabilities and exploits, and creates detection and assessment signatures that are released daily.

We set up a mid-range 400 appliance inline on our test network without any fuss, simply by supplying the administrative interface with an IP address. System discovery is performed by port scans and can be configured to be done by common ports, a full port scan or a custom scan.

ipAngel's Nessus-based vulnerability scanner can be customized to scan entire networks, groups of machines or single devices. Our test scan successfully detected the known vulnerabilities present in our lab, which included Windows 2003, UNIX and Linux machines, all in various stages of patching. ipAngel produced a low number of false positives, a significant point for intrusion detection, but vital for intrusion prevention--the last thing you want is your device to mistakenly block legitimate traffic.

At this point, the device was auto-tuned, having learned the devices and vulnerabilities on the network and activating the applicable signatures. For those wary of letting the device make these decisions automatically, manual tuning of both the firewall and detection functions is easy.

We also liked the ability to delegate mitigation tasks by assigning assets to the appropriate network and/or support personnel, and alerting them via e-mail when vulnerabilities are discovered. This frees up the overtaxed security staff.

Rules for the Snort-based IPS are flexible and can be set to pass traffic, pass but alert, or drop, depending on user confidence in the detection.

IPS performance was excellent, stopping our repertoire of attacks even under heavy network load, leaving no doubt in the advertised 400 Mbps throughput performance. The appliance provides failover through bypass NICs, as well as load balancing for multiple boxes. Our only issue with the box itself was the noisy cooling fan.

ipAngel is available in five models, from the 10 Mbps ipAngel 10 to the 1.2 Gbps 1200. A 2 Gbps appliance is scheduled for later release.

The Web interface is generally clean and easy to navigate, considering the amount of information. However, the system page is somewhat cluttered and would be improved with the type of tabs we saw in other pages.

This was first published in February 2006

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: