Symantec Managed IDS/IPS with Sourcefire
Strengths: IPS managed service with option of having full-scale network security device management.
Weaknesses: Can become expensive.
Verdict: Solid monitoring service, if a bit expensive.
The Managed IPS/IDS from Symantec is a fully managed system with Sourcefire IPS as its backbone. Alongside the IPS, Symantec can also manage many other network security devices, including firewalls, intrusion detection and prevention systems, and log collection platforms. This lets a customer completely outsource all security management and monitoring to Symantec for ease of management, as well as streamlining reporting and event notification.
Customers can access the Symantec Secure Internet Interface to view various incidents, device information, logs and tickets. The main dashboard of the interface includes historical views of security incidents in the last 90 days, as well as top attacks and top attackers from the last 24 hours.
The company relies on solid 24/7 monitoring of customer networks via its security operations centers. These centers use a combination of data mining and human analysis to provide customers with specific recommendations for proactive and preventive security measures.
Documentation supplied by the company consists of two PDF manuals. The first is a user guide for the Secure Internet Interface. This guide provides in-depth, step-by-step instructions on using the interface, but, unfortunately, it has no screen shots or visual examples.
The second is the operations manual, which contains a vast amount of information and instructions on the services provided, as well as assistance in using the various services. This guide does include many screen shots, diagrams and examples.
Symantec offers various types of support for its managed services. These plans include gold and platinum firewall monitoring, as well as gold and platinum firewall management. These levels include various support options, such as maintenance and update response times.
At a cost starting at about $500 per month per managed device, this service from Symantec can become expensive for full-scale network device monitoring. However, we do find that the service also provides a solid monitoring and management service across many device types. So, we find it to be a good value for the money.