Radware DefensePro DP102 review
When firewalls aren't enough, Radware's DefensePro steps in with frontline IPS and DoS protection and its unique dynamic attack signature generation
Review Date: 31 Oct 2008
Reviewed By: Dave Mitchell
Price when reviewed: £4,306 (£4,952 inc VAT)
Attacks on networks are getting so sophisticated that a standard firewall may no longer be able to protect against them all. That's Radware's philosophy and its DefensePro appliances are designed to sit in front of your firewall and provide top-level intrusion prevention and DoS protection for networks and individual servers.
These new attack types use legitimate application services, which makes them less likely to be picked up by static signature-based IPS solutions because they aren't exploiting known vulnerabilities. Session-based HTTP floods are a good example: a botnet of infected systems requests legitimate web pages. Standard IPS systems will probably just see the increased levels of traffic and block all requests, stopping genuine users from accessing these services.
The DefensePro uses behavioural analysis for the network, servers and clients and generates real-time signatures. In our example, the infected systems would be making multiple requests for a small number of pages, whereas genuine browsing habits would be completely different. Based on these patterns, the appliance creates a signature specifically for the attack taking place, allowing normal services to remain accessible whilst blocking attacking systems.
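The behavioural distinction described above can be sketched in a few lines. This is an added example, not part of the original review and not Radware's algorithm: it contrasts a static volume limit with a signature derived from per-source request count and page diversity. The thresholds, IP addresses and paths are constructed assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed traffic: (seconds, source IP, path). Not captured data."""
    events = []
    # Three bots each request the same two pages 40 times in under 10 s.
    for bot in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
        for n in range(40):
            events.append((n * 0.25, bot, "/index.html" if n % 2 else "/search"))
    # Two genuine clients browse six different pages at a human pace.
    pages = ["/", "/search", "/products", "/products/7", "/about", "/contact"]
    for client in ("198.51.100.5", "198.51.100.6"):
        for n, path in enumerate(pages):
            events.append((n * 1.5, client, path))
    return events

def naive_volume_block(events, window=10.0, max_total=100):
    """Static approach: total volume over a limit means block everyone."""
    return sum(1 for ts, _, _ in events if ts < window) > max_total

def derive_signature(events, window=10.0, min_requests=20, max_path_ratio=0.2):
    """Flag sources with many requests spread over very few distinct pages."""
    per_source = defaultdict(list)
    for ts, src, path in events:
        if ts < window:
            per_source[src].append(path)
    bad_sources, hot_paths = set(), set()
    for src, paths in per_source.items():
        if len(paths) >= min_requests and len(set(paths)) / len(paths) <= max_path_ratio:
            bad_sources.add(src)
            hot_paths.update(paths)
    return bad_sources, hot_paths

def allowed(src, path, signature):
    """Drop only requests matching both halves of the derived signature."""
    bad_sources, hot_paths = signature
    return not (src in bad_sources and path in hot_paths)

if __name__ == "__main__":
    events = build_sample()
    sig = derive_signature(events)
    print("naive block-all:", naive_volume_block(events))
    print("signature:", sorted(sig[0]), sorted(sig[1]))
    print("genuine /search allowed:", allowed("198.51.100.5", "/search", sig))
```

The genuine client still reaches `/search` during the flood because the signature matches on source behaviour as well as the targeted pages, not on the page alone.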
The DP102 on review protects a single network segment and functions as a transparent gateway, so we just dropped it straight into our network between our firewall and Internet router. For management, Radware offers two versions of its APSolute Insite product; the standalone software version currently supports only Windows XP. The ManagePro appliance provides a central location for managing all of Radware's products.
Insite opens with a global view of all managed appliances where we defined the unit's management IP address and set up SNMP trap sending and reporting. From the appliance's Connect and Protect window you define your policies where the Network option combines traffic sources, the protected network segment and an action. Here, you can protect against network worms, known application vulnerabilities, DoS/DDoS attacks and so on and set connection limits.
Server policies look after individual systems on the LAN and protect against a wide range of attacks including HTTP and SYN floods, server cracks such as application scans and brute force attacks. Suffice to say Radware has all the main avenues covered and the use of multiple policies allows the DP102 to be customised to suit a wide range of requirements.
For testing we set up the DP102 to protect our LAN and placed an attack system and genuine clients on the outside. We ran a variety of network attacks including TCP SYN floods and TCP scans and the DP102 identified and blocked them according to our policies. We also tried an HTTP flood attack on a 2003 R2 server running IIS and watched the appliance block it but allow our normal clients to access its web pages during the attack.
Reporting facilities are very impressive as you can view a history of all attack types, watch them in real time and see which systems were involved. The DashBoard is also useful as its radar sweep shows attacks as they occur and graphs alongside show distributions, targets and severity levels.
Companies running business-critical web services can't afford to have genuine customers affected by the new wave of web attacks. The DP102 is easily deployed, and its unique method of dealing with the latest threats means you can now extend your defences beyond the firewall.