It is used as our primary in-line IDS/IPS system, replacing FireEye NX. It catches more, looks at more ports than FireEye NX, and is a scalable appliance, unlike our NX which was saturated and shut itself down.
Increased our ability to stop malware before it hits workstations. That ability increased by 200% due to the number of ports it monitors, over the FireEye NX product.
It has also improved our hunt ability with quick search tools, to zone in on malware or other anomalies. It is able to link items to incidents from other consoles, and works natively with the SIEM.
IPS and reporting. It catches more inline than the FireEye NX even looked at. It has a rating system now so you can rate things up or down, depending on your environment. This means alerting can be customized, yet still pick up anomalies.
Reporting has been great and it is easy to do a quick search through 45 days of data for something of interest.
Update: The interface bug issue hasn't happened in last three months. This may be solved now, we hope. Support seems better.
There was a bug issue for more than a year, but it seems resolved with the last patch; the last reboot occurred over 3 months ago.
No issues with scalability. In fact, we’ve added a datacenter, purchased new gear, and scaled out two more units for the active/standby site to take over the load, should a DR be required.
Tech support is competent, usually responds within a few hours, can escalate anything urgent to technical account rep for immediate handling.
We used a different solution. We switched due to flexibility, expandability, and cost. Limitations in the old hardware appliance meant it would not scale without major costs.
A breeze. After rack and stack, devices were up and running base configurations within two hours. As with any IPS, tuning is required to stop false positives. This is no different, but the ease of use of the interface allowed my team to start making adjustments within a few hours. With the latest version this is even easier, given the new rating system. You can tweak your environment on the fly, as your ops look at alerts to lower thresholds, raise them, or reduce false positives.
We always use one of two partner implementers. I rate our partner a 9/10.
More visibility at the north-south network layer, automation of security event/incident handling.
Company came from government space. You license by the number of days of logs you need to maintain visibility for. Forty-five days is a good solid number for a company with around a 10k user base.
Tipping Point, Cisco
The product itself works fine, support is pretty good.