Excellent policy management with SiteProtector.
Quite simplistic high-availability modes.
One of the best policy editors on the market, and only the high-availability tools let the side down a little.
The Proventia G400 might look like a standard rack-mount Intel-based server, but it's a lot more than that. The hardware was specifically chosen, drivers written for it and a network agent pre-installed. As a result, it can cope with up to 400Mbps of throughput and monitor up to four network segments using its four copper and four fiber Gigabit Ethernet ports.
The appliance can be installed in three modes – active, passive and simulation. These let you measure a network baseline before putting it into active mode to block threats and anomalous data. While a high-availability mode is available (active-active only), in the event of a hardware failure all packets are forwarded (fiber connections require an external box) even if there is no power to the appliance, so normal network services are not affected.
Management can be done via a web browser interface for local settings, but the bulk of control is handled through the SiteProtector Management Console connected directly to the management port.
SiteProtector is an excellent application that makes it easy to manage a large range of IPS sensors. It was one of the easiest products on test to deploy, and as with other products on test, control of each sensor is through policies that define the type of traffic the sensor is to look out for and the reaction it should have.
The Proventia supports a wide range of detection methods and can scan more than 100 protocols. It can detect malicious code, trojans and DoS attacks.
Most of the system's detection capabilities require attack signatures, which are updated automatically via the management console and distributed to all sensors on the network, so it is easy to keep up to date with the current threats.
Reporting is top-notch and goes far beyond the more simplistic tools offered by many companies. The reporting and monitoring tools enable you to automatically configure protection for newly discovered threats, while reducing the number of false positives.
Perhaps the best thing about SiteProtector is that it's included as part of the cost of the sensor, so there's no hidden costs.