
Hot Pick: NFR repeats top honors in intrusion prevention

James C. Foster, Contributor

Sentivist 5.0
NFR Security
Price: Sensors start at $13,000; Management platform starts at $10,000

NFR's Sentivist 4.0, with its Confidence Indexing for assessing threats, ease of use and reporting capabilities, impressed us sufficiently to be named our Hot Pick in November 2004. Sentivist 5.0 takes the product to another level and has again earned the honor. It's suitable for organizations of any size, with environment-aware attack assessment, vulnerability scanning, data integration, ad hoc reporting and a revamped interface.

The enterprise value of Sentivist's architecture is its ability to scale to thousands of sensors with the same level of protection deployed to all network segments. Its scalability is supported by a three-tier architecture: management, sensors and database (which can be either MySQL for smaller implementations or Oracle for larger enterprises).

In complex enterprises deploying tens or hundreds of sensors, an intermediate "sensor server" can be used to handle some of the correlation before data is packaged and transmitted to the central database. This data handling layer is also ideal for multinational or geographically dispersed corporations.

Now a true enterprise-level product, Sentivist has gone from sensors handling a few hundred Mbps to high-end sensors that can analyze up to 4 Gbps. Sentivist's failover pass-through, which creates a hardware-layer copper bridge to ensure network connectivity should a unit fail, is impressive.

The Dynamic Shielding Architecture (DSA) permits the sensors to be aware of their environment and tailor security accordingly. DSA collects Nessus scan data via its XML-formatted vulnerability output reports, which are parsed and input into the database for real-time correlation of network attacks. Correlation is based on attack type, port, IP and CVE. NFR plans to integrate McAfee Foundstone and Qualys data into the product in the near future. All attack signatures and sensor policies are centrally managed through the NFR Protection Center administration and analysis system.
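The kind of correlation described above, matching alerts to scan findings by IP, port and CVE, sketched as an added example (not NFR's code and not part of the original review). The XML is a constructed sample using element names from the later .nessus v2 layout, the CVE ids are placeholders, and the alert fields and relevance labels are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed scan report; element names follow the later .nessus v2 layout
# (ReportHost / ReportItem / cve). CVE ids are placeholders, not real entries.
SCAN_XML = """<NessusClientData_v2><Report name="constructed">
  <ReportHost name="10.0.0.5">
    <ReportItem port="80" protocol="tcp" pluginID="1001"><cve>CVE-0000-0001</cve></ReportItem>
    <ReportItem port="445" protocol="tcp" pluginID="1002"><cve>CVE-0000-0002</cve></ReportItem>
  </ReportHost>
  <ReportHost name="10.0.0.9">
    <ReportItem port="22" protocol="tcp" pluginID="1003"/>
  </ReportHost>
</Report></NessusClientData_v2>"""

def load_scan(xml_text):
    """Index findings as {(ip, port): set of CVE ids}; host-level port 0 is skipped."""
    index = {}
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        for item in host.iter("ReportItem"):
            port = int(item.get("port", "0"))
            if port:
                cves = {c.text.strip() for c in item.iter("cve") if c.text}
                index.setdefault((host.get("name"), port), set()).update(cves)
    return index

def correlate(alert, index):
    """Hypothetical relevance labels (not NFR's Confidence Indexing).
    Separates 'host never scanned' from 'scanned, but port not reported'."""
    key = (alert["dst_ip"], alert["dst_port"])
    if key not in index:
        scanned = any(ip == alert["dst_ip"] for ip, _ in index)
        return "port-not-reported" if scanned else "target-unknown"
    if alert.get("cve") and alert["cve"] in index[key]:
        return "target-vulnerable"
    return "service-present"

# Constructed alerts; the field names are assumptions for this example.
ALERTS = [
    {"sig": "web exploit", "dst_ip": "10.0.0.5", "dst_port": 80, "cve": "CVE-0000-0001"},
    {"sig": "smb exploit", "dst_ip": "10.0.0.5", "dst_port": 80, "cve": "CVE-0000-0002"},
    {"sig": "web exploit", "dst_ip": "10.0.0.9", "dst_port": 80, "cve": "CVE-0000-0001"},
    {"sig": "ssh brute force", "dst_ip": "10.0.0.77", "dst_port": 22, "cve": None},
]

def triage(alerts=ALERTS, xml_text=SCAN_XML):
    index = load_scan(xml_text)
    return [(a["sig"], a["dst_ip"], correlate(a, index)) for a in alerts]

if __name__ == "__main__":
    print(*triage(), sep="\n")
```

An alert labelled "target-unknown" means the scan data has a coverage gap for that host; it says nothing about whether the host is safe.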

The analyst console for NFR is the most impressive we have seen, providing real-time views into a particular sensor or all sensors at the click of your mouse. You also have the ability to dissect the attack and alert data into common groups. These groups are customizable and are ideal for tracking potential intruders, worms or internal threats. For example, you can group alerts by any field in the packet (source IP, attack type and target vulnerability) to determine the scope of an attack.

The interface contains all the slick benefits of Java, with adjustable windows, drag-and-drop functionality, and customization. Ad hoc reports with Crystal are available and easily integrated, but do not come prepackaged with the solution.

SMBs will be pleased that all sensors now are bundled with full network firewall capabilities, which gives them the option of replacing older firewalls from the '90s with easily managed multi-use prevention appliances.

Sentivist 5.0 is Common Criteria EAL 2 certified and is IPv6 compliant.

With Sentivist 5.0, NFR has made itself a formidable player in the IDS/IPS market, appealing to both large enterprises and resource-poor SMBs.

This product review also appears in the March 2006 issue of Information Security magazine.

