IBM/ISS Proventia MX5010 has high IPS catch rate

The Proventia MX5010 is an amazingly fast intrusion-prevention system (IPS) that outclassed the competition when it came to detecting the attacks we threw at it.

Unfortunately, that world-class IPS is housed in a firewall and paired with a management system that are not up to enterprise standards. Although our scorecard ranks the Proventia MX5010 high because of its performance and IPS catch rate, few enterprises would feel comfortable with such a primitive firewall at the edge or core of their networks.

The ISS heritage in high-end IPS has been packaged into the Proventia MX5010 with an absolute minimum of controls, probably too few for any enterprise manager to comfortably deploy it in front of a server farm or to protect thousands of users. More important, the firewall in the Proventia MX5010 is just too simplistic and uncontrollable for the complex security policy we expect to see in enterprise environments.

The lack of firewall sophistication was startling. For example, no other firewall requires you to write two rules to let NAT traffic through (one for the “before NAT” and one for the “after NAT” addresses), at least not in the past decade, but our Proventia MX5010 did.

The centralized management facilities of SiteProtector are an even greater concern. While the power of SiteProtector to analyze IPS events is as top-of-the-line as it was years ago, we found firewall policy incredibly difficult to write.

More important, SiteProtector just doesn’t work that well with this firewall.

At one point in the middle of our testing, the configurations between SiteProtector and the Proventia MX5010 firewalls somehow fell out of synchronization, and we simply could not push policy to the firewalls. We had to take them out of SiteProtector, configure them using IBM/ISS’s local Web-based GUI, and then put them back into SiteProtector. The firewall-management part of SiteProtector is primitive and more appropriate to the remote office environment it was designed to serve.

While IBM/ISS has a winner of an IPS in the Proventia MX5010, the firewall is really sized and designed to fit best in the branch, and is not suitable for enterprise deployment.
