This article can also be found in the Premium Editorial Download "Information Security magazine: Is your data safe from next-generation attackers?."
Download it now to read this article plus other related content.
The Java-based interface is feature-rich but clumsy to use. The management console seems to be just a panel that opens other windows. The interface is quite complex, and we spent a few days going through most of its available features. The management server client seemed sluggish and kept throwing certificate mismatch alerts.
The logging of event data is well thought out, with a number of options. IntruShield logs the first 128 bytes of application data by default, but the entire packet can also be tracked. You have the ability to track the subsequent flow of data from source and destination for specific attacks. Extracting the data is easy and flexible: Logs can be sent to syslog, CSV files and SNMP traps.
There are a number of useful canned reporting options, such as executive summaries and Top "X" reports, plus a full interface for creating custom reports. Reports can be exported in PDF or HTML formats.
If your organization is ready to add IPS to its defenses, the value proposition of the IntruShield 3000, with the flexibility of its Virtual IPS technology and high port density bring strong de-tection and a smooth rules en-gine to bear on your networks, making it a good choice for enterprise protection.
This was first published in June 2006