Excellent detection and baseline monitoring tools.
Poor reporting tools.
Incredibly easy to configure; great detection and anomaly detection tools; let down by poor reporting tools.
This might not be the most attractive appliance, with a bright green front, but its flexible architecture is likely to win it support. It is designed to sit internally or between the firewall and router and can support up to 100Mbps of network traffic. It comes with two Fast Ethernet ports and operates in-line with a network connection. There is also a dedicated management port.
Installation requires use of the console to supply an IP address; V-Secure uses a proprietary serial cable, though, so you will have to be careful you don't lose it. Once done, management is performed through the V-Secure Management Server (there's the optional central NetVisor software as well), which provides centralized management of all IPS devices.
The first step is to configure the bandwidth settings of the network and the IP address range that you want to protect.
Next, you can configure the type of protection you want to apply. Signatures and anomaly detection rules, such as TCP Flood and Land Attack, can be turned on at the click of a mouse for incoming and outgoing connections. Each signature can also be switched into a detection mode, which logs attacks but doesn't prevent them. Protection profiles can also be applied to specific servers.
The default signature values are likely to be fine, but you can fine-tune the sensitivity of the anomaly detection rules; just be careful that you don't trigger too many false positives.
Attack recognition isn't just based on signatures, though. The advanced settings let you choose the network learning period, to build a baseline view of the network. Then any anomalies can be flagged or blocked, effectively guarding against zero-day attacks.
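An added illustration, not V-Secure's algorithm or code from this review: a minimal baseline detector showing how a learning period, a sensitivity setting and the flag-or-block choice interact. The mean-plus-standard-deviations threshold, the class name and the SYN-rate samples are assumptions constructed for the example.

```python
import statistics


class BaselineDetector:
    """Learns per-interval SYN counts, then judges later intervals against them."""

    def __init__(self, learning_intervals, sensitivity, detect_only=True):
        self.learning_intervals = learning_intervals  # length of the learning period
        self.sensitivity = sensitivity    # std-devs above the mean that are tolerated
        self.detect_only = detect_only    # True: log only; False: drop the traffic
        self.samples = []

    def threshold(self):
        mean = statistics.mean(self.samples)
        stdev = statistics.pstdev(self.samples)
        # Floor the deviation so a perfectly flat baseline still leaves headroom.
        return mean + self.sensitivity * max(stdev, 1.0)

    def observe(self, syn_count):
        """Return 'learning', 'pass', 'alert' or 'block' for one interval."""
        if len(self.samples) < self.learning_intervals:
            self.samples.append(syn_count)
            return "learning"
        if syn_count > self.threshold():
            return "alert" if self.detect_only else "block"
        return "pass"


# Constructed samples: TCP SYNs per second seen for a protected server.
LEARNING = [40, 45, 38, 52, 47, 41, 44, 50, 43, 46]
LIVE = [48, 60, 44, 900, 51]  # 60 is a legitimate busy spell, 900 is a flood


def run(sensitivity, detect_only):
    """Train on LEARNING, then return the verdict for each LIVE interval."""
    det = BaselineDetector(len(LEARNING), sensitivity, detect_only)
    for count in LEARNING:
        det.observe(count)
    return [det.observe(count) for count in LIVE]


if __name__ == "__main__":
    # Tight setting in detection mode: the busy spell is a false positive.
    print(run(sensitivity=3, detect_only=True))
    # Looser setting in blocking mode: only the flood is dropped.
    print(run(sensitivity=6, detect_only=False))
```

Running a new sensitivity value in detection mode first shows which legitimate bursts it would have dropped before blocking is switched on.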
The V-100 uses Snort for its detection engine, with signatures updated regularly via the management console. This gives you the flexibility to create your own custom Snort signatures to match traffic unique to your network, or to block new threats before a final signature is released.
The V-100 is a great product that is very easy to manage. Protection is thorough and the product is only let down slightly by very basic reporting tools.