Name: RealSecure Guard (Intrusion Prevention group test)
Price: $13,720 (incl. 1 year maintenance)
- Surprisingly easy to get running out of the box, reasonable documentation.
- Needs to be on a dedicated machine with stringent hardware specifications. Also requires a particular network setup for optimum efficiency.
- Very good and does the job of intrusion prevention remarkably well. But the price makes this a product only really for the enterprise market.
SC Labs Reviews
Reviews from our expert team
This product essentially takes over from where BlackICE Guard left off. The current version offers greater protocol analysis pattern-based detection and a few bug fixes thrown in for good measure.
The software came ready installed on a Compaq Proliant server. The hardware requirements limit the choice of hardware to one of four server configurations from either Dell or Compaq. The extra hardware needed (as it will run as a dedicated system) will cost a further $5,720.
Once out of the box the server is connected to the rest of the network via a bypass unit that should keep the network link running should the computer hosting the software go offline. The bypass unit acts as an intermediary, drawing in packets of data from the link for RealSecure Guard to monitor.
We set up RealSecure Guard between the server, which acted as a router, and the rest of the network, but as this server/router was also the domain controller we found it slowed down the client authentication. As such, RealSecure Guard was checking logon data running between client and server.
An engineer from ISS said this was not the best way to set up the device, and a quick change on the network to allow the RealSecure Guard to sit between a dedicated router and the rest of the network solved the problem. The system allows for protection of network segments or a single computer.
The software runs as a service on the server and configuring it is done either from a console on the server or remotely via ISS’ central management console, RealSecure Site Protector. There are four pre-defined protection levels, ranging from trusting to paranoid.
By default auto-blocking, and hence intrusion prevention, is disabled when the product is first installed. To turn it on is simply a matter of ticking a box in the firewall settings tab. This is done to allow administrators to run the service and get a feel for what network activity needs to be monitored and allowed where necessary, but we would have liked auto-blocking to be enabled from the outset as the whole idea of the application is to prevent intrusion.
It was not a major problem, as once configured the application blocked all attempts by us to attack our test network. Overall, the product is very good but aimed at the top end of the market.