When I first looked at Lucid Security's ipAngel ("The Great IPS Test") over a year ago, the adaptive intrusion prevention system showed promise, but was lacking in some features, such as external event logging and current status views. It also suffered from an overly restrictive registration process. Lucid took the constructive criticism to heart and addressed each complaint, resulting in the ipAngel AVX-400, an improved model whose adaptive design will serve environments that have few resources to devote to managing an IPS.
Unfortunately, the product's signature database and design is squarely focused on server vulnerability protection, leaving clients to largely fend for themselves. Some signatures may also have to be manually enabled because the product's auto-tuning process won't detect all vulnerabilities.
Lucid's Web site touts installation and configuration in 30 minutes, and that isn't an exaggeration. I powered up the new ipAngel and used a serial cable connected to a laptop to start configuring it as the guardian for my five-device home network. Once I gave the device its IP address and wired it in-line between a cable modem and a router, I was given the choice of performing an automated online setup or a manual offline setup to register the product and download the latest updates. This change from the older version, which allowed only an automated online setup, was appreciated. Previously, if an organization had a separate isolated management network for security devices, the device had to be configured on another network and moved back and forth for updates. One minor bug in the process was that the SSL certificate for the registration Web site expired over a year ago--disconcerting for a security company, but hardly a major flaw.
Good
• Access to underlying Linux system if needed
• In-line firewall features

Bad
• Lacks signature database
• Auto-tuning needs a tune-up
• Little client protection
One of the newest improvements in the product is the number of both vulnerability-detection signatures and protective IPS signatures, and the correlation between them. The new signature database boasts over 2,500 signatures, most of which are now automatically correlated with vulnerability detection--that is, the device can decide in real time which IPS signatures to enable based on vulnerability scan results. However, some signatures (client protection, for example) aren't discoverable from active scanning, and the current set of signatures is biased toward enterprise application and server protection. Nonenterprise applications and end-user workstations won't be protected as effectively by ipAngel.
When I tried to introduce a vulnerable AWStats program onto a server to have ipAngel discover and protect it, the product was unable to find the vulnerable version during the scan phase and thus never turned on the appropriate signatures. (AWStats is actively exploited in the wild by the Lupper worm.) Letting ipAngel turn signatures on and off keeps the device streamlined with regard to performance, but could let through some attacks that should otherwise be blocked. The administrator can always custom-tune his or her own signatures, of course, but that defeats the purpose of the product's main feature.
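The auto-tuning described above, together with the AWStats gap it can leave, reduced to a small signature-selection policy. This is an added example, not Lucid's code: the signature IDs, service names, vulnerability labels and scan findings are all constructed for illustration, and the fail-closed rule for services whose vulnerability a scan cannot confirm is a suggested mitigation, not a feature the review describes.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Set


@dataclass(frozen=True)
class Signature:
    sig_id: str            # constructed ID, not a real ipAngel signature
    service: str           # service the signature protects ("awstats", "apache", ...)
    vuln: Optional[str]    # vulnerability it blocks; None = nothing a scan can discover


# Constructed signature table for illustration only
SIGNATURES = (
    Signature("S-1001", "awstats", "awstats-configdir-rce"),
    Signature("S-1002", "apache", "apache-chunked-overflow"),
    Signature("S-2001", "browser", None),  # client-side protection, undiscoverable by scan
)


@dataclass(frozen=True)
class Finding:
    host: str
    service: str
    vuln: Optional[str]    # None when the scanner saw the service but could not confirm a vulnerable version


def select_signatures(findings: Iterable[Finding],
                      signatures: Iterable[Signature] = SIGNATURES,
                      fail_closed: bool = True) -> Set[str]:
    """Return the IDs of the signatures to enable.

    Confirmed vulnerabilities switch on their matching signature, which is the
    auto-tuning the review describes. Two additions close the gaps it notes:
    signatures with no scan-discoverable vulnerability (client protection)
    stay on unconditionally, and with fail_closed a service the scanner saw
    but could not confirm as vulnerable enables every signature for that
    service, so an unrecognised vulnerable AWStats is still covered.
    """
    findings = list(findings)
    confirmed = {f.vuln for f in findings if f.vuln is not None}
    unconfirmed = {f.service for f in findings if f.vuln is None}
    enabled: Set[str] = set()
    for sig in signatures:
        if sig.vuln is None:                      # nothing to correlate against: keep it on
            enabled.add(sig.sig_id)
        elif sig.vuln in confirmed:               # scan confirmed the hole
            enabled.add(sig.sig_id)
        elif fail_closed and sig.service in unconfirmed:
            enabled.add(sig.sig_id)               # version unknown: err toward blocking
    return enabled
```

With fail_closed=False the policy behaves like the review's description: the unrecognised AWStats host gets no protection at all.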
When it works, however, it works well and with little effort. The interface is smooth and easy to use, and because ipAngel actively scans for hosts using its integrated Nessus vulnerability scanner, it does a good job finding devices on the network, whether or not the device is active. It even found a host on my network I had forgotten about. Alas, the vulnerability scan crashed the Web server on the cheap router it found, but I blame the cheap router for that. Still, such upsets are a consideration when using active scanning of this sort in environments where lower-end networking gear is deployed.
Upping the bang-for-your-buck ratio, ipAngel also makes a good in-line firewall. The interface for firewall management is simple yet powerful, and with the custom hardware for speedy packet processing and fast failover, it handles the important parts of being an in-line device well.
The ease of deployment and use are definitely strong points for ipAngel. Additionally, under-the-hood Linux may be an advantage in some environments, enabling the customer to tinker with the applications. Look for ipAngel to get its wings in the future as an all-around IPS, but it's not quite there yet at present.

ipAngel model AVX-400, $18,995, Lucid Security, 800-371-3392
Jordan Wiens is the senior network security engineer at the University of Florida.