- BlackBerry Storm vs. the iPhone
- Digg's Kevin Rose: "We have to do better"
- Blogger warns: "Nortel doesn't make it out alive"
- Financial quagmire bringing out the scammers
- Verizon plays with the wrong e-mail addresses
Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:Application Performance Solutions | App Performance | Networking Solution | SafeGuard Enterprise Solution Center | SOA | Test your Web Filter | Value of WDS

| Intro to UTM Testing | Testing categories | Product Summaries | Click tabs to expand |
|---|
Juniper Networks' ISG-1000 and Cisco's ASA5540 with its add-on SSM-20 IPS module offer no-compromise IPS products that will make the security purist happy with their configurability and control features.
We rank the ASA5540 slightly behind the ISG-1000, because of Cisco's fairly loose link between firewall policy and IPS policy. Although Cisco has made enormous strides in its management with the release of Cisco Security Manager, the firewall and IPS are not as integrated as they should be. For example, you can't apply different policies to different streams of traffic (such as internal-to-external and internal-to-internal). Only a single policy applies to the IPS. With a new feature called "virtual sensor," you can create multiple policies, but these are applied to virtual LANs or interfaces and still don't match up to the firewall policy.
One of the most interesting IPS implementations tested was IBM Internet Security Systems' Proventia MX5010, because it came to the UTM space as an IPS first, a firewall second. While the Proventia has every bit of IPS configurability stripped out of it -- you essentially get two check-boxes in the GUI to turn IPS on or off for all interfaces, all traffic, all the time -- our test results show that this black-box IPS blocks more bad traffic than any other tested.
Click here to view chart: Tracking IPS catch rates
With the optional SiteProtector management appliance, you do get all of the powerful IBM/ISS IPS and IDS forensics and reporting tools. This creates a strange dichotomy: an almost unmanageable IPS that does a great job. Our fear, though, is that enterprise network managers won't be happy with this level of configuration, because as soon as a false positive shows up, the IT reaction to the Proventia MX5010 configuration goes from "wow" to "you've got to be kidding." IBM/ISS has taken a branch-office UTM and scaled the performance up to astonishing highs, but hasn't scaled the management and control up to enterprise standards.
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment