IBM-ISS Proventia IPS GX6116
Strengths: High performance, highly capable IPS.
Weaknesses: Price, unless you can justify this product in a very large enterprise environment; documentation disappointing.
Verdict: This is a serious IPS appliance meant for serious large scale implementations.
The Proventia IPS GX6116 could be considered the high-end sports car of IPS appliances. Not only does this device include several protection and analysis features — such as protocol analysis for more than 140 different network and application protocols, heuristics and pattern matching — but it is built for speed. This device includes a high-end network processing unit, as well as eight 64-bit multi-core processors, and dual XEON x86 processors examine traffic across all seven OSI layers. This beast of a box can handle almost any amount of traffic thrown its way and still have resources to spare.
We found this appliance to be surprisingly simple to set up and manage. We did hit a few snags in the set-up process though. Since this appliance is built for massive speed, the ports are all straight gigabit and will not talk to anything less. The other problem we ran into was that the Java interface tends to freeze when implementing a large policy change unless your console PC has a lot of memory. Other than that this appliance is solid.
This device has no trouble with computing performance, but the protection performance sits right about in the middle of what we would expect. On the scanning portions of our tests the appliance caught most of the attacks, and on the penetration attack it blocked everything from getting through.
Interestingly, this appliance did not come with the famous IBM-ISS big quick start card. Instead, it came with an entire getting started guide. This guide is presented in their standard layout with limited visuals. However, the guide is fairly easy to follow and understand. The other documentation for this product is a user guide that details configuration in more depth, as well as describing how to deploy this appliance with SiteProtector (IBM-ISS centralized management console).
IBM-ISS has many comprehensive support plans that are available with a support contract. These plans include levels of phone technical support, updates and upgrades, training and many other services.
This product is at the highest end of the price spectrum. At a cost just shy of $200,000, this product is a significant investment. Though this product does have some very nice features, as well as high capability, the price is only justified as part of a large Proventia deployment. This is the ultimate sports car with all the toys, but intended for the large enterprise.