Cisco IPS 4240
One of many: Cisco's IPS 4240 fits into a larger network of solutions.
The 250-Mbps Cisco IPS 4240 is a good, basic, self-managed IPS at a decent price. It's rack-mounted and takes up 1U of space, with four 10/100/1000 autosensing Ethernet traffic ports that can be configured in pairs or individually. In addition, it has one 10/100 Ethernet management port, two USB ports and an external flash port. There's also a console and an auxiliary port.
You connect to the 4240 through the console port to set the IP addresses, host name and other specs. Some may regard this as an inconvenience, but it's actually an extra layer of security, because you must be physically connected to the IPS to make certain changes.
Once the device is set up, you can connect to the 4240 via a Web browser running Java (we found you may need to increase the memory in the Java runtime parameters) and alter the configuration of the traffic ports as you see fit. The default configuration stopped most simulated attacks, and the management interface made it fairly easy to tweak the system's security profile to block all the attacks we threw at it.
However, the reporting capability of the IPS Event Viewer (IEV) interface that comes free with the sensor is minimal. The most you can get is a list of events in the log, filtered and sorted. To get more reporting from the Cisco device, you'll need to buy the Monitoring, Analysis, and Response System (MARS), which is sold separately. It is quite an improvement over the free interface, with all sorts of charting and reporting options.
Of course, that's the good and bad of any Cisco product: it's part of a larger network of solutions. Cisco's IPS line is no different, offering such products as the Cisco Security Manager (CSM) for managing many different kinds of IPS and IDS devices at once, as well as firewalls and VPNs. These are the kinds of optional systems that you'll gladly cough up extra money for, and most clients do.
The $11,995 price tag is good, considering how easy the 4240 is to configure and the throughput it provides. In spite of the spartan reporting tools it comes with, this IPS would be a good fit for any midsize to large network with multiple subnetworks.
Cisco Systems Inc., San Jose, Calif., (800) 553-6387, www.cisco.com