Intrusion prevention systems (IPSs) have become more effective, more widely distributed and more complicated to deploy. What's more, the more complicated systems are consistent with today's more complex networks.
For an IPS to be effective, it needs a proper installation. This can be a daunting task, so be sure you include the best experts on your network that you can find.
As you plan, you need to remember that the more complex the IPS, the more opportunities you have to make errors. If you intend to depend on it to protect you, that can be a serious problem. Also, the more detail and customization that is required when writing policies, the more likely errors will occur.
The architecture for IPSs is varied and usually reflects the complexity of the enterprise in which it is to be used.
We wish that some vendors would recognize that complexity in the tool is not necessary. Like many things in life, simplicity is better. Some IPS products could certainly use some designed in from the start.
Product: Ally ip100
Vendor: Arxceo Corp.
Verdict: Astonishing performance from such a tiny product.
Product: Reflex IPS100
Vendor: Reflex Security, Inc.
Verdict: Top performer with excellent protection and ease of use.
Product: InstaGate PRO
Vendor: eSoft, Inc.
Verdict: Modular system with lots of appeal for UTM, as well as IPS.