Sentivist IPS Sensor 500

NFR's Sentivist IPS combines hardware sensors with management software. It ships with a Java-based management console, which is good for monitoring and configuring individual sensors.

Larger installations can select the optional Enterprise Console, which provides centralized management and reporting; you will need a Red Hat Linux or Solaris server to run the software, though.

We stuck with our single-sensor console for this review. Essentially, the sensor is an Intel-based server, but with customized hardware and software. It comes with a custom NIC, which automatically bridges the connection in the event of power failure, while a special hardware driver ensures that there is low latency on the line and wire-speed data capture.

The Sentivist supports Passive IDS, Pass Through log-only and Full IPS modes. The first two modes are better suited to training the sensor for your network; Full IPS mode is for attack blocking.

Management is easy thanks to the bright and colourful management application. Once the sensor has learnt a baseline for your network, you can use anomaly detection as well as its normal attack signatures, protocol analysis and deep packet inspection.

Traffic is blocked according to the installed policy. Signature-based attacks can be turned on or off for individual machines, and you can install a network-wide default policy; first, you just need to configure the network address ranges that you want it to protect.

Where the Sentivist differs is through its Confidence Indexing engine. It uses a range of methods to detect attacks and, at each point, raises the confidence level that you're being attacked. When it hits the threshold, you are protected – particularly useful against slow attacks, where other IPS appliances can miss the signs.

NFR's Sentivist provides a high level of protection out of the box and a reduction of false-positives thanks to its Confidence Indexing.

Product title: Sentivist IPS Sensor 500

Product info
Name: Sentivist IPS Sensor 500 (Group Test: Intrusion prevention)
Price: from $13,000

Strength: Confidence indexing reduces false positives.
Weakness: Advanced management needs dedicated Linux or Solaris server.
Verdict: Great network visibility and detection methods, but the advanced management can be difficult to configure.
