The Nortel Threat ProtectionSystem runs on aSourcefire platform,something that surprised us. Theproduct is a flexible systemcomposed of multiple sensors anda management console.
This system is customised withspecific policies built by anadministrator. While the system iscompletely customisable, its lackof solid documentation and itscomplexity could open the doorfor implementation error.
As with the Sourcefire product(p59), this product is really meantto be deployed as a full suite, andtackling specific IPS functionswas tricky.
We found the administrator’sweb interface to be confusing andunorganised, and configuring thesystem became an in-depthexercise of creating policies fromthe ground up.
The Nortel system also seems tobe somewhat unstable underattack. After building policies andconfiguring the system, we foundthat is was not very effective atstopping our scans or intrusions.It was one of about half theproducts we tested that wasunable to protect its networkagainst certain types of attack.
The Nortel Threat ProtectionSystem comes with multipleprinted manuals, each one for aspecific part of the configurationor specific device in the system.While extensive, we found that oncertain points the manuals did notmatch up with what we wereseeing on the screen, and some ofit seemed wordy and unclear.
Nortel offers a support website,but we did find it unorganised. Auser must first have an account toaccess many areas of the site. Ifthe user does not have anaccount, access is restricted toviewing product documentationand overviews. Nortel also offersfree email support, but for allother support a user is required topay for a service contract.
Priced at £14,250 for theconfiguration we tested, thissystem sits right between some ofthe more expensive systems andsome of the less costly ones. Wefind that, if set up and configuredcorrectly (particularly if deployedas a full suite), this system can bea fairly good investment for largernetworks, but given its complexityit might not be as useful for smallto medium-size companies.