Sourcefire 3D IPS1000
May 01, 2006
from $4,500 for IS1000; from $1,385 for RNA; from $20,200 for Defense Center
- Strengths: Performs well under normal attack conditions and can work well as a layer of protection for average networks.
- Weaknesses: If the sensor is compromised for any reason, the IPS system leaves the network vulnerable to attack.
- Verdict: Not an IPS star: Sourcefire’s rating here does not take into account the suite’s full capabilities.
The Sourcefire box does all the things an IPS should do. It fits comfortably in the category of an average IPS, although it must be remembered that the Sourcefire 3D Suite includes a ton of IDS, scanning, and vulnerability management capability which falls outside the context of this review. As an IPS, the box has no standout features, and nothing specifically separates it from other IPSs.
With the management interface geared around the suite as a whole, narrowing down IPS functionality was difficult. There is no defined procedure for setting policies or determining what types of policies are needed.
The configuration of the box itself involves a long navigation through a complicated web interface, and setting different policies and generating the reports we needed was time-consuming and became more difficult the further we progressed.
The box defended against normal scans and attacks, but we were able to compromise the sensor by launching a denial-of-service attack and bypassing the IPS. With the sensor disabled, the computers on our target network became susceptible to attack by our testing tools. The console could flag up a dead sensor, but that of course will not protect the systems that are under attack.
The appliance comes with a CD that contains documentation and restore information. There are two manuals: an installation guide and an administrator manual. But the documentation is very long, more than 900 pages, and is geared to operating the suite as a whole. If the manual is needed to answer specific configuration issues or questions, the search for information can be very time-consuming.
There is a lot of support offered from Sourcefire, including full telephone technical support as well as online help files and email support, as part of an online support site.
The product comprises three appliances: the IS 1000; the RNA; and the Defense Center. It is fairly pricey for its abilities but does require reasonably intensive deployment and management. But you would not buy it for the IPS – this is just one component of the whole suite, which is a much more attractive proposition.