Since 200E is what we call alearning device, it requiresa little time on thenetwork to begin protecting assets.
The concept of a learningdevice is open to interpretation,however. With this product, thereare two considerations. First, thedevice, as with most IPSs, mustdiscover the network. It does thison an ongoing basis, assuring thatit knows about all devices on theenterprise.
Additionally, we found that,during our initial vulnerabilityscan, the product could be seentransferring attacks to its blacklist.At that point, the NetClarityattacker reported that the target,presumably protected by the IPS,was visible and was vulnerable.Subsequent scans were ineffectiveand the target became invisible tothe NetClarity device.
Additionally, when we thenattacked with Core Impact, wewere able to crash the targetservice on our victim machine,but were not able to penetrate.
Although the 200E performedvery well under most of our tests,this penetration attack (a MicrosoftRPC buffer overflow) partiallysucceeded. All informationscreens auto-refresh every 30seconds, so most current informationis always easy to see and findon the intuitive web interface.
This product sits at the frontend of the network transparentlyand monitors all incoming andoutgoing traffic for any maliciouscontent.
This is an IPS with very simpleconfiguration. You just plug it inand go. After the simple quickstartis completed, the 200Ebegins gathering network trafficand information and setting itsown policies accordingly. Itspolicies are reasonably selfmaintainingand the 200Erequires little administration time.
The TippingPoint appliancecomes with only a simple, onesheetquickstart guide that onlydescribes the initial turning on,and simple initial configurationof, the appliance. Additionaldocumentation is on the suppliedCD, and we found it adequate, ifnot extensive.
Support for the product isavailable, but you have to look forit on the website. Instead of beingin a more intuitive “support”section, it is hidden under thecompany information as part ofthe “contact” screen.
However, there is the ThreatManagement Center thatprovides, among other things,real-time attack filter updates, anextremely valuable service.
This device is very reasonablypriced for a full-service solution toprotect most sizes of networkfrom intrusion or malware.