Nortel Threat Protection System
Strengths: Flexible and completely customisable for specific network policies.
Weaknesses: Very difficult to configure and install. Has ineffective documentation.
Verdict: Sourcefire-based solution that would perform much better as a suite.
The Nortel Threat Protection System runs on a Sourcefire platform, something that surprised us. The product is a flexible system composed of multiple sensors and a management console.
This system is customised with specific policies built by an administrator. While the system is completely customisable, its lack of solid documentation and its complexity could open the door for implementation error.
As with the Sourcefire product (p59), this product is really meant to be deployed as a full suite, and tackling specific IPS functions was tricky.
We found the administrator’s web interface to be confusing and unorganised, and configuring the system became an in-depth exercise of creating policies from the ground up.
The Nortel system also seems to be somewhat unstable under attack. After building policies and configuring the system, we found that it was not very effective at stopping our scans or intrusions. It was one of about half the products we tested that was unable to protect its network against certain types of attack.
The Nortel Threat Protection System comes with multiple printed manuals, each one for a specific part of the configuration or specific device in the system. While extensive, we found that on certain points the manuals did not match up with what we were seeing on the screen, and some of it seemed wordy and unclear.
Nortel offers a support website, but we did find it unorganised. A user must first have an account to access many areas of the site. If the user does not have an account, access is restricted to viewing product documentation and overviews. Nortel also offers free email support, but for all other support a user is required to pay for a service contract.
Priced at £14,250 for the configuration we tested, this system sits right between some of the more expensive systems and some of the less costly ones. We find that, if set up and configured correctly (particularly if deployed as a full suite), this system can be a fairly good investment for larger networks, but given its complexity it might not be as useful for small to medium-size companies.