Name: XSGuard C-Series (Group Test: Intrusion prevention)
- Very easy to install.
- You have no control over the policy.
- The easiest product to install, but with no control over the profiles it is unsuitable for enterprise networks.
SC Labs Reviews
Reviews from our expert team
XSGuard’s C-Series is the easiest product to install. Just plug the internal side of your network into the marked Fast Ethernet port and the external side in the other marked port. Turn the box on and it connects to the XSGuard servers and starts filtering traffic at 100Mbps.
The NICs in the device have been designed to let traffic flow through without protection in the event of a problem with the C-Series appliance.
The first thing we noticed about the box was that there was no management port. This is because you can’t manage the box directly. Instead, XSGuard provides a managed service. The appliance connects to the XSGuard servers and downloads new updates and attack profiles. It then blocks traffic automatically without you having to do any work.
You can connect to the XSGuard website and log into your account, however. It displays security news and general information about your account, and lets you change it.
You can also download logs from your XSGuards. You can’t run reports on the data, though, and can only perform queries to find specific information. The website doesn’t let you manage the appliance directly either, so you cannot choose how to deal with attacks, or create your own attack signatures to deal with network-specific threats.
Instead, XSGuard uses predefined attack signatures to detect and block most attacks. However, it can also recombine all IP packets to get at the whole message and then check these for hidden attacks and incomplete data, helping to prevent zero-day attacks.
The system is managed by XSGuard’s team of experienced security consultants, so your network should remain well protected. As the company has data coming in from all of its XSGuard appliances, it helps boost security, as it has a wider spread of network traffic to analyze for new threats than your average organization.
But there are some drawbacks. First, the box has to be able to connect to the internet, so you can’t protect internal hidden network segments. Second, it’s only going to appeal to smaller networks where there is no dedicated security personnel. Larger companies will want full control over the appliance to tune it for their network, which you just can’t do here.