Best of 2006: Intrusion prevention

Intrusion prevention systems (IPSs) have become more effective, more widely distributed and more complicated to deploy. What's more, the more complicated systems are consistent with today's more complex networks.

For an IPS to be effective, it needs a proper installation. This can be a daunting task, so be sure you include the best experts on your network that you can find.

As you plan, you need to remember that the more complex the IPS, the more opportunities you have to make errors. If you intend to depend on it to protect you, that can be a serious problem. Also, the more detail and customization that is required when writing policies, the more likely errors will occur.

The architecture for IPSs is varied and usually reflects the complexity of the enterprise in which it is to be used.

We wish that some vendors would recognize that complexity in the tool is not necessary. Like many things in life, simplicity is better. Some IPS products could certainly use some designed in from the start.

Ally ip100 
Vendor: Arxceo Corp
Astonishing performance from such a tiny product.

Product: Reflex IPS100 
Vendor: Reflex Security, Inc. 
Verdict: Top performer with excellent protection and ease of use.

InstaGate PRO 
Vendor: eSoft, Inc. 
Verdict: Modular system with lots of appeal for UTM, as well as IPS.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.