Sourcefire's Intrusion Sensor 2000 (IS2000) is an Intel-based appliance that runs a hardened version of Linux and the intrusion detection software. It uses two Fast Ethernet interfaces and has a throughput of 100Mbps.

After connecting a keyboard and monitor, the set up wizard gets you to create a management IP address, which runs from a dedicated network port.

The IS2000 is then managed using its web-browser interface. It's not the prettiest interface we have used, and comes across as being quite complex to get to grips with, but there's a full range of protection on offer. Profiles are created based on the attack signatures you want to look out for and the action you want to take. The IS2000 uses Snort as its detection engine, so you can easily write your own rules or use those provided by other people. It helps keep the system flexible and able to deal with threats quickly.

The IS2000 can also monitor your network and create a baseline profile; any anomalous traffic is then flagged to be dealt with. It also means that your network is ready for zero-day attacks.

But the IS2000 isn't really happy being used in this standalone mode. It's much better when used as part of Sourcefire's 3D System, which also uses the Defense Center appliance.

This appliance serves as the centralized management for all of your intrusion sensors. It lets you delegate management, write policies and send them to multiple sensors, and collates data network-wide. Reporting is strong, and it's easy to get an overall view of the network and deal with new threats efficiently.

That is not the end of the 3D System. Sourcefire also has its Realtime Network Awareness sensors that sit on the network and monitor it passively for changes, such as an unauthorized machine on the network. Sourcefire's 3D System is by far the most comprehensive product on test. Its multi-pronged approach gives it a clear detection and threat neutralization advantage.

Its complex, multi-component approach won't sit well on small networks, and neither will the cost. But for large networks, the array of detection sensors, excellent centralized management and effective threat prevention makes this a powerful system.