CounterSnipe Active Protection Software v3.0
Strengths: A wide range of deployment options with a learning mode that can be put in place beforehand
Weaknesses: Difficult to manage and configure, awkward documentation, cost of ownership
Verdict: Solid features and performance, but setting it up can be quite challenging
This software-only product can be deployed as an inline IDS or IPS or off a tap. It can also provide detailed threat and asset correlation using its comprehensive surrounding asset knowledge module (SAK) to locate potential trouble areas. And it has a learning mode that can be deployed in the network before actually implementing policy.
This solution is challenging to deploy, to say the least. You need a computer to put it on, and the software is only compatible with the exact specifications described in the documentation. We found that if the platform has different hardware the application will not work. We wish that CounterSnipe had stuck with their popular appliance rather than go to a software-only implementation.
The rest of the setup was fairly straightforward, but managing policy on the device is a tangled maze of configuration levels, and it becomes confusing very quickly. The Java-based management interface is slow and awkward to navigate.
The product performed well. It was able to stop most of the bad traffic from our scanners, and we found ourselves unable to penetrate the protected network. The event log also provided near real-time event descriptions that were clear and understandable.
The documentation is light. A two-sheet quick start-guide gives the hardware requirements and steps to install it. There is a small PDF administration guide that can be accessed via the web console once the solution is up and running. This provides a good amount of detail for the initial configuration, but is difficult to understand on policy and many other areas.
CounterSnipe offers 24/7 support, but we had to search for information on these programmes. We found a brief discussion in a PDF file entitled "professional services" buried on the website. Substantive support appears to be an extra-cost item, available in standard and platinum packages. Publicly available help via the website is limited to a few documents, data sheets, and white papers.
On the surface, this product looks to be a bargain for almost any company with a price of less than £3,000, but after a deeper look this deal may not be so sweet. An appliance has to be purchased separately, which, combined with the difficulty of managing this tool, adds to cost of ownership.