Strengths: Great IDS appliance with built-in vulnerability assessment and available firewall and routing modules
Weaknesses: IPS is not very effective at all, documentation needs improvement
Verdict: A bargain priced appliance that is missing a few important capabilities while adding a few non-standard ones
This device is like a slightly stripped down version of a unified threat manager (UTM). The SecurityMetrics offering not only includes IDS/IPS functionality, it is also a vulnerability assessment tool and can be configured to work as a firewall and router. Furthermore, this appliance is capable of protecting the network from viruses, pornography, backdoors, cross-site scripting attacks and many other threats.
This device was shipped almost completely preconfigured specifically for our environment, so setup was a breeze. It took just a few minutes to plug it in, update it and look over the policy for any tweaking required and we were good to go.
Once the SecurityMetrics box was up and running, we found the web GUI to be simple and intuitive to navigate. Policy configuration was equally straightforward and quick.
While this appliance was easy to configure, it did not perform well during our test. The IDS part worked very well and identified all the attacks.
However, the IPS failed to stop most of the attacks and the protected network was compromised quickly by our penetration tool. The IPS did manage to stop a few attacks, but it only takes one serious hole to have a serious problem.
The documentation for this product is insufficient at best. The installation guide is a basic three-page document that does an average job of describing installation, but it fails to explain the deployment in any useful detail. The rest of the documentation is built into the appliance as a simple help file. While this information is well organised and easy to read, it lacks substantial detail and has no screenshots or diagrams.
Security Metrics offers support free for the first year on hardware/software maintenance. The second year of support comes at a cost of £505. The support area of the website offers a support contact, but that is all. Relative to virtually all other products we test in just about all categories this is a very weak showing.
At a price of just over £3,000, we thought this product would be great value, but as an IPS it falls flat. However, the good news is that it is a good IDS and does have a built-in vulnerability assessment tool. In this case, value really depends upon what you are looking for.