July 01, 2003
Internet Security Systems
Product: RealSecure Guard
Price: $13,720 (incl. 1 year maintenance)
Surprisingly easy to get running out of the box, reasonable documentation.
Needs to be on a dedicated machine with stringent hardware specifications. Also requires a particular network setup for optimum efficiency.
Very good; it does the job of intrusion prevention remarkably well, but the price makes this a product really only for the enterprise market.
This product essentially takes over from where BlackICE Guard left off. The current version offers greater protocol analysis, pattern-based detection and a few bug fixes thrown in for good measure.
The software came ready installed on a Compaq Proliant server. The hardware requirements limit the choice of hardware to one of four server configurations from either Dell or Compaq. The extra hardware needed (as it will run as a dedicated system) will cost a further $5,720.
Once out of the box the server is connected to the rest of the network via a bypass unit that should keep the network link running should the computer hosting the software go offline. The bypass unit acts as an intermediary, drawing in packets of data from the link for RealSecure Guard to monitor.
We set up RealSecure Guard between the server, which acted as a router, and the rest of the network, but as this server/router was also the domain controller we found it slowed down the client authentication. As such, RealSecure Guard was checking logon data running between client and server.
An engineer from ISS said this was not the best way to set up the device, and a quick change on the network to allow the RealSecure Guard to sit between a dedicated router and the rest of the network solved the problem. The system allows for protection of network segments or a single computer.
The software runs as a service on the server and configuring it is done either from a console on the server or remotely via ISS' central management console, RealSecure Site Protector. There are four pre-defined protection levels, ranging from trusting to paranoid.
By default, auto-blocking, and hence intrusion prevention, is disabled when the product is first installed. Turning it on is simply a matter of ticking a box in the firewall settings tab. This is done to allow administrators to run the service and get a feel for what network activity needs to be monitored and allowed where necessary, but we would have liked auto-blocking to be enabled from the outset, as the whole idea of the application is to prevent intrusion.
It was not a major problem, as once configured the application blocked all attempts by us to attack our test network. Overall, the product is very good but aimed at the top end of the market.