Detection and prevention: 6 intrusion detection systems tested

McAfee Security IntruShield I-1200, I-2600 and I-4000
McAfee is covering both ends of the intrusion detection and prevention scale by offering both hardware-based systems and software-based ones. Let's start with the hardware.

The 1200 and 2600 series of IntruShield IPSes are in a 1RU form factor, while the 4000 is a 2RU chassis. All the chassis appear very robust and well constructed. Each of these devices is designed to offer complete transparency when monitoring network traffic.

An interesting design feature is the pass-through ports for the network connections; they are hardwired through, so even if the machine fails, the network traffic can still be routed through without being cut off.

The McAfee units are deployed in much the same way as the Juniper systems -- at various critical points throughout the company network -- and act as sensors relaying information to and receiving updates from the main management server. There are two versions of the management software: the IntruShield Global Manager, which is suitable for IPS deployments of up to several hundred sensors, and the IntruShield Manager, which is suitable for deployments of up to six sensors. The I-1200 unit runs at up to 100Mbps, the I-2600 at up to 600Mbps, and the I-4000 at up to 2Gbps.

McAfee likes to talk about the concept of virtual intrusion detection and prevention systems, similar to network switches that support virtual LANs (VLANs). Basically this means each sensor can be segmented into a number of virtual sensors; each can then be customised with different rules and policies, from focusing on a single IP address on the network to a group of machines. These units or sensors also incorporate an internal firewall, which can also be virtualised. This internal firewall is not designed to replace the existing firewall at the network perimeter. However, through the intelligent placement of sensors, it gives the option of implementing stronger security policies and procedures to further protect critical resources on the network.

Overall, McAfee's appliances are a very scalable solution, again one to definitely shortlist on any evaluation, particularly for large organisations' security needs. Particular note should be taken of the internal firewall and IPS virtualisation features.


Product McAfee IntruShield
Price I-1200 AU$19,633.93
Vendor McAfee
Phone 1800 644 646
Web www.mcafee.com.au
 
Interoperability
Several models available with excellent features.
Futureproofing
Range of models with clear upgrade paths.
ROI
Pricing seems competitive with other IPS hardware vendors, considering performance.
Service ½
Warranty and service renewable annually with service contract.
Rating
