Fortinet FortiSIEM Review

It helps us identify the origin of a DoS attack, where it came from, how long it lasted, how intense it was, etc. and take the appropriate action.

What is most valuable?

The primary thing I use it for is monitoring IPS because we have 12 or 14 Cisco IPS devices, and the Cisco solution for monitoring that many IPS devices is hokey at best, aside from it being expensive. I also use it when we’re trying to track down activity on a particular IP address – I use the query engine to search for things like that.

How has it helped my organization?

We’ve had some situations where we’ve either gotten hit with a DoS attack or we’ve gotten notification that we’ve been blacklisted because some IP that belongs to us is roaming the internet trying to bogusly log in to SNMP servers. So, we’ll take that IP, or wherever the DoS is coming from, and run a query over the last 30 days or so, to see just what the activity on that machine has been, and make various decisions from that. In a couple of cases, it’s meant shutting down the machines and getting them off the network because they’ve obviously got some kind of malware on them. In other cases, it’s been a matter of determining the exact scope of the DoS – where it came from, how long it lasted, how intense it was, etc.

What needs improvement?

One of the things I actually opened a ticket about (and they couldn’t help me with) is that when traffic is leaving our network, it’ll only report the source. I would think that if it’s examining the packets, it should also be able to give me the destination. It’s not possible to tell me whether it reached the destination, but it would be helpful to know where it was headed when it left the network. That field is always empty in the query.

For how long have I used the solution?

I've used it for about a year.

What was my experience with deployment of the solution?

No serious issues. The biggest issue I had was with their deployment methodology as a virtual appliance – with the way our VM farms are structured, there are only a couple of people who are allowed to bring up OVAs, which is the way they ship the product – so I have to get their time to do any kind of upgrade. That’s why I recently queried the helpdesk on what was required to do the upgrade that’s available to us (at no cost), and they pointed me to a manual which I haven’t had time to download yet. My guess is I’m going to have to deploy a separate OVA.

What do I think about the stability of the solution?

No issues encountered.

What do I think about the scalability of the solution?

We've not had any issues so far.

How are customer service and technical support?

Customer Service:

The only complaint I have is that they wouldn’t issue a license until they had the check in their hands, which is not my experience with other vendors. If you issue a PO for something, usually you get a license immediately – in their case they wouldn’t until they had actually gotten payment, which was a little frustrating.

Technical Support:

I have tried to open some tickets, and usually they’ll respond with a note at the top of the response. It says “if you’re responding to this email do it above this line,” and I didn’t see that the first time I got an email like that, so for weeks they kept sending me emails saying I hadn’t responded to their initial contact. To me that was a little bit nit-picky.

Which solution did I use previously and why did I switch?

I inherited a solution that was discontinued by the vendor, and I was charged with finding a replacement.

How was the initial setup?

Once we got the OVA file, and I was able to commandeer some time from the appropriate people here, it wasn’t an issue.

What about the implementation team?

It was in-house. Part of the initial purchase included some on-site time with one of their engineers, so I used that time to do an upgrade while he was here.

What's my experience with pricing, setup cost, and licensing?

The pricing seems fairly standard in terms of the pricing model, so how it compares to other similar products I don’t know. The people I took this to about replacing the other product didn’t seem to blink at the price.

Which other solutions did I evaluate?

We ran a PoC for Accelops for a trial period, so we didn’t look as much into other products.

What other advice do I have?

It would be to get as good an estimate as you can of what EPS you’ll need before you get pricing and so forth. We underestimated what we would need, which is what precipitated ordering additional licensing and not being able to get it right then.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
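The investigation workflow described under "How has it helped my organization?" (pull 30 days of activity for one IP, then work out where a DoS came from, how long it lasted and how intense it was) and the empty-destination complaint under "What needs improvement?" can be checked against raw logs independently of any SIEM. The Python below is an added example, not the reviewer's code and not FortiSIEM's query engine. It assumes a generic syslog-style "timestamp key=value" event line, which is a hypothetical format chosen for the example; the IPs, the flood and the SNMP attempts are all constructed sample data. It shows a time-window query on an IP, a per-source ranking, inclusive duration, peak and average events per second (the peak is also the number you want when sizing an EPS licence), and a count of records whose destination field is empty.

```python
from collections import Counter
from datetime import datetime, timedelta

BASE = datetime(2021, 5, 1, 10, 0, 0)
# 30-day look-back window around BASE, as in the review's "last 30 days or so" query.
WINDOW = (BASE - timedelta(days=30), BASE + timedelta(days=1))


def _ts(sec):
    """Timestamp string `sec` seconds after BASE (used only to build the sample)."""
    return (BASE + timedelta(seconds=sec)).strftime("%Y-%m-%dT%H:%M:%SZ")


# Constructed sample log (hypothetical format, not real FortiSIEM output):
#  - a 12-second flood against 198.51.100.10 from three sources, heavier in the
#    first six seconds (5 events/s per source), then tailing off (2 events/s);
#  - three outbound SNMP (udp/161) attempts from internal host 10.0.0.7, one of
#    them with an empty destination field, the gap the review complains about;
#  - one event two months old that the 30-day window must exclude.
SAMPLE_LOG = [
    f"{_ts(sec)} src={src} dst=198.51.100.10 dport=80 proto=tcp action=deny"
    for sec in range(12)
    for src in ("203.0.113.5", "203.0.113.9", "198.18.4.4")
    for _ in range(5 if sec < 6 else 2)
] + [
    f"{_ts(300)} src=10.0.0.7 dst=192.0.2.44 dport=161 proto=udp action=allow",
    f"{_ts(301)} src=10.0.0.7 dst= dport=161 proto=udp action=allow",
    f"{_ts(302)} src=10.0.0.7 dst=192.0.2.45 dport=161 proto=udp action=allow",
    "2021-03-01T00:00:00Z src=203.0.113.5 dst=198.51.100.10 dport=443 proto=tcp action=allow",
]


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict; 'ts' becomes a datetime."""
    ts, *fields = line.split()
    rec = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")}
    for field in fields:
        key, _, value = field.partition("=")   # 'dst=' yields an empty string value
        rec[key] = value
    return rec


def query_ip(lines, ip, since, until):
    """Every event inside [since, until] where `ip` is the source or the destination."""
    return [
        rec for rec in map(parse_line, lines)
        if since <= rec["ts"] <= until and ip in (rec.get("src"), rec.get("dst"))
    ]


def scope_incident(records):
    """Answer the review's questions: who, for how long, how hard, and where it went."""
    if not records:
        return None
    per_second = Counter(r["ts"] for r in records)      # timestamps have 1 s granularity
    first, last = min(per_second), max(per_second)
    duration_s = int((last - first).total_seconds()) + 1  # inclusive of both end seconds
    return {
        "first_seen": first,
        "last_seen": last,
        "duration_s": duration_s,
        "events": len(records),
        "peak_eps": max(per_second.values()),
        "avg_eps": len(records) / duration_s,
        "sources": Counter(r.get("src") for r in records),
        "destinations": Counter(r["dst"] for r in records if r.get("dst")),
        "dports": Counter(r.get("dport") for r in records),
        "missing_dst": sum(1 for r in records if not r.get("dst")),
    }


if __name__ == "__main__":
    for ip in ("198.51.100.10", "10.0.0.7"):
        s = scope_incident(query_ip(SAMPLE_LOG, ip, *WINDOW))
        print(f"{ip}: {s['events']} events over {s['duration_s']} s, "
              f"peak {s['peak_eps']} eps, avg {s['avg_eps']:.1f} eps")
        print("  top sources:   ", s["sources"].most_common(3))
        print("  destinations:  ", s["destinations"].most_common(3),
              "| records with empty dst:", s["missing_dst"])
```

The `missing_dst` counter is the practical check for the complaint in the review: run it over outbound records and, if it equals the record count, the collector is not populating the destination at all rather than dropping it for a few flows, which is worth stating in the support ticket.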