UnityOne's Network Defense System (NDS) performs intrusion detection, traffic blocking and alerting before traffic gets to the firewall. Tuning itself to the network, it identifies protected devices and services, and reduces the number of meaningless alerts common in other IDSs (intrusion-detection systems). Unfortunately, the product missed some key servers in my tests (see sidebar, "False-Positive Reduction.").
Number of alerts reduced based on network architecture.
At the mercy of TippingPoint for troubleshooting.
Network discovery may miss hosts.
No way to develop or edit signatures.
Managing single installations of the NDS is easy through the Local Security Manager (LSM) Web-based GUI or through a CLI (command-line interface) using telnet or secure shell. You can manage multiple NDSs through the Security Management System (SMS), a hardened, Linux-based appliance accessed through a Java console. The NDS setup is based on segments or pairs of ports. I used three: one Fast Ethernet port for running attacks, and two fiber-based segments for traffic loading.
Ready, Set, Action