* A look at the managed, customer-premises-equipment-based IPS service, Sentinel, from EcoNet.com Last week, we talked about intrusion prevention tools. Here’s a look at a EcoNet.com, a company selling a managed, customer-premises-equipment-based IPS service.The EcoNet.com offering, called Sentinel, uses an edge IPS device sitting outside the corporate firewall. Sentinel is a signature-based IPS with some additional features, such as virus scanning, but without any rate-based controls or SYN flood protection.With Sentinel, EcoNet.com isn’t just taking on the burden of managing a CPE-based IPS product; it’s an entirely proprietary system sold on a subscription basis and running on commodity Intel-based PCs.As a managed service, Sentinel doesn’t give the network professional a lot of information. Unlike the other IPS devices we tested, you can’t see anything about any of the IPS features activated on the Sentinel. A Web-based GUI defines a small set of parameters, such as a network whitelist of systems that should never be blocked and the networks that Sentinel protects. Network managers who want to know what is going on will not find the configuration very enlightening. Sentinel appliances also have local reporting and limited forensics capabilities, with copies of all logs also shipped to EcoNet.com’s operations center. There are some local management options for the network professional. For example, if you want to whitelist a system, that’s fine. But if you want to disable IPS for only a particular port on a system, you have to request that from EcoNet.com. Other IPS features need to be negotiated as well, such as the ports Web servers listen on. By default, Sentinel only looks on Port 80 for Web-based attacks.Sentinel depends heavily on its blacklisting function and applies it with the heaviest hand of any IPS product tested. Any IP address getting on the bad side of Sentinel is blacklisted, along with its adjacent IP addresses, for a period of 30 to 60 days. Fortunately, the network professional has easy access to a Web-based display of blocked IP addresses and attack events, and can remove an improper block easily. Sentinel sends e-mail to a designated e-mail box when an IP address is added to the block list. For the full report, go to https://www.nwfusion.com/reviews/2004/0216ipseconet.html Related content news analysis Cisco, AWS strengthen ties between cloud-management products Combining insights from Cisco ThousandEyes and AWS into a single view can dramatically reduce problem identification and resolution time, the vendors say. By Michael Cooney Nov 28, 2023 4 mins Network Management Software Cloud Computing opinion Is anything useful happening in network management? Enterprises see the potential for AI to benefit network management, but progress so far is limited by AI’s ability to work with company-specific network data and the range of devices that AI can see. By Tom Nolle Nov 28, 2023 7 mins Generative AI Network Management Software brandpost Sponsored by HPE Aruba Networking SASE, security, and the future of enterprise networks By Adam Foss, VicePresident Pre-sales Consulting, HPE Aruba Networking Nov 28, 2023 4 mins SASE news AWS launches Cost Optimization Hub to help curb cloud expenses At its ongoing re:Invent 2023 conference, the cloud service provider introduced several new and free updates that are expected to help enterprises optimize their AWS costs. By Anirban Ghoshal Nov 28, 2023 3 mins Amazon re:Invent Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe