The primary thing I use it for is monitoring IPS because we have 12 or 14 Cisco IPS devices, and the Cisco solution for monitoring that many IPS devices is hokey at best, aside from it being expensive. I also use it when we’re trying to track down activity on a particular IP address – I use the query engine to search for things like that.
Improvements to My Organization
We’ve had some situations where we’ve either gotten hit with a DOS attack or we’ve gotten notification that we’ve been blacklisted because some IP that belongs to us is roaming the internet trying to bogusly log in to SNMP servers. So, we’ll take that IP, or wherever the DoS is coming from, and run a query over the last 30 days or so, to see just what the activity on that machine has been, and make various decisions from that. In a couple of cases it’s meant to shut down the machines and get them off the network because they’ve obviously got some kind of malware on them. In other cases, it’s been a matter of determining the exact scope of DoS – where it came from, how long it lasted, how intense it was, etc.
Room for Improvement
One of the things that actually opened a ticket about (and they couldn’t help me) is when traffic is leaving our network, it’ll only report the source. I would think that if it’s examining the packets that it should also be able to give me the destination. It’s not possible to tell me whether it reached the destination, but it would be helpful to know where it was headed when it left the network. That field is always empty in the query.
Use of Solution
I've used it for about a year.
No serious issues.The biggest issue I had with their deployment methodology as a virtual appliance – with the way things our VM farms are structured – there are only a couple of people that are allowed to bring up OVAs, which is the way they ship the product, so I have to get their time to do any kind of upgrade.That’s why I recently queried the helpdesk on what was required to do the upgrade that’s available to us (at no cost), and they pointed me to a manual which I haven’t had time to download yet. My guess is I’m going to have to deploy a separate OVA.
We've not had any issues so far.
Customer Service and Technical Support
The only complaint I have is that they wouldn’t issue a license until they had the check in their hands, which is not my experience with other vendors. If you issue a PO for something, usually you get a license immediately – in their case they wouldn’t until they had actually gotten payment, which was a little frustrating. Technical Support
I have tried to open some tickets, and usually they’ll respond with a note at the top of the response. It says “if you’re responding to this email do it above this line,” and I didn’t see that the first time I got an email like that, so for weeks they kept sending me emails saying I hadn’t responded to their initial contact. To me that was a little bit nit-picky.
I inherited a solution that was discontinued by the vendor, and I was charged with finding a replacement.
Once we got the OVA file, and I was able to commandeer some time from the appropriate people here, it wasn’t an issue.
It was in-house. Part of the initial purchase included some on-site time with one of their engineers, so I used that time to do an upgrade while he was here.
Pricing, Setup Cost and Licensing
The pricing seems fairly standard in terms of the pricing model, so how it compares to other similar products I don’t know. The people I took this to about replacing the other product didn’t seem to blink at the price.
Other Solutions Considered
We ran a PoC for Accelops for a trial period, so we didn’t look as much into other products.
It would be to get as good an estimate as you can of what EPS's you’ll need before you get pricing and so forth. We underestimated what we would need, which is what precipitated ordering additional licensing and not being able to get them right that.
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Aug 03 2015