A typical Sourcefire IPS deployment consists of one or more physical Defense Center management console appliances deployed on a trusted network and multiple physical IPS appliances distributed throughout the environment. The appliance can be installed in one of three deployment options: passive, inline, or inline with fail-open. IPS and Defense Center appliances can also be deployed as software on VMware vSphere and open source Xen hosts to monitor VM-to-VM traffic.
The appliance is accessed through a web browser. Nice alerting features allow for automated response via SNMP, email or syslog. There is also support for automated firewall response, but it is limited to Check Point OPSEC compatibility. We liked the incident management feature, which allows one to create an incident and manage it through the lifecycle of the incident management process. Reporting is good and includes the ability to generate reports from various event views.
Support is included for a fee of 18 or 22 percent of the purchase price. This solution would make a nice addition to any environment that wants to add IDS/IPS to a layered security solution at a reasonable price point.