Our primary use case for this solution is high-tech intrusion prevention and detection in Building Automation and Control Networks (BACnet).
I cannot really remember any hacker attack on our WatchGuard customers due to a successful intrusion over the years.
Just a few days ago, one of our customers had a brute-force attack detected and prevented, and for us it is very important that we get alerted beforehand by the included feature, WatchGuard Dimension.
Integration of additional cloud services to be even more effective.
I've been using the solution for almost 15 years now on public cloud as a managed service provider and reseller.
The hardware is very, very stable. We've had no hardware defect in the past ten years. The software is also very stable.
The technical support is very good because when our customer has a problem, they are very dependent on the cloud services and on the WatchGuard as a gateway to the internet. So we are very, very much dependent on good support. This is really good.
We used a dedicated solution but switched to WatchGuard because it is more comprehensive due to the Unified Threat Management (UTM) approach, where IPS is included, and it focuses on our SMB customers.
The initial setup was straightforward and, because we only need intrusion detection and prevention, we needed only about four hours to deploy it. We used a template, so it was very effective.
The best thing is that the Intrusion Detection and Prevention Module is included in Standard Security. But the solution has two suites, the Basic and the Total Security Suite, with comprehensive and powerful UTM features. I only regret that one cannot buy single modules out of the Total Security Suite, and that makes it a bit expensive for some SMB customers. But WatchGuard offers a managed service license model for these cases, too.
I have a request for a feature in the next version, and that would be to not only have detection and prevention but also action, for example, to shut down the whole system over an application programming interface (API); that would be nice. My advice, however, is always to back up as often as you can. Because when it's a particle component, one has to have an effective backup strategy.
You cannot compare this solution to dedicated intrusion prevention systems like Proofpoint or other programs that act only for intrusion detection and prevention. WatchGuard is a Unified Threat Management (UTM) system and it's for midsize market customers.
So in the future, I would like to see threat management and intrusion prevention in a single module. I rate this an eight out of ten.