Threat Prevention ET pro vs ET open?

Currently reading
Threat Prevention ET pro vs ET open?

horizonbrave

horizonbrave

23
1
Router
  1. RT2600ac
from Proofpoint itself:
"The Proofpoint ET Open IPS/IDS ruleset collects submissions from one of the largest and most active IDS/IPS rule-writing communities and includes never-seen-before threats. This continually updated list of rules enables monitoring engines to automatically detect and block known, advanced threats. This is an opensource product.
Proofpoint ET Pro Ruleset is a commercial ruleset atop the open IDS ruleset and added support for the Suricata platform. The Proofpoint research team tests all rules for optimum performance and accurate detection. Licensing costs USD$900 per sensor"
 
Shadow

Shadow

777
291
NAS
DS216+II, DS118, DS718+, DS720+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
The way I see it, ET pro may be valuable if you are a hosting/cloud company or something. If you then want to use Threat Prevention to it's fullest potential with all the available support, ET pro is an option.

Altough I would highly doubt using Synology routers in an enterprise-like environment, especially cloud-providers. Think I would stick to professional network gear from Cisco, Juniper or HP or something.
 
fredbert

fredbert

Moderator
NAS Support
Subscriber
4,304
1,721
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
  3. RT6600ax
  4. WRX560
Operating system
  1. macOS
Mobile operating system
  1. iOS
ET Open cos I'm a tight wad.

For a home / small environment you'll get more than enough alerts and you won't know what to do because there isn't enough information for a normal person to make a decision. Set it with default rules and alerting (email, notifications) and see what you get for a while. You can then decide if some rules that just alert can be changed to drop, and add specific rules too.

Also review the map to get an idea of countries you can start to blanket drop incoming requests using the SRM firewall, if you aren't already doing this with 'allow my country' and 'drop all other requests' rules.
 
fredbert

fredbert

Moderator
NAS Support
Subscriber
4,304
1,721
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
  3. RT6600ax
  4. WRX560
Operating system
  1. macOS
Mobile operating system
  1. iOS
Just found this resource that lists the updates to the ET Open and ET Pro rules. It provides an interesting view on what the Pro rules add and would a home user normally need to stump up the $$$ for a licence.
www.proofpoint.com

Daily Ruleset Update Summary | Proofpoint US

Get daily technical security updates from the Proofpoint Threat Operations Center experts.
www.proofpoint.com www.proofpoint.com
www.proofpoint.com

Emerging Threat Intelligence - Cyber Threat Solutions | Proofpoint US

Discover how Proofpoint emerging threat Intelligence delivers timely and accurate cyber threat intelligence to provide deeper context and seamless integration with security tools.
www.proofpoint.com www.proofpoint.com
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

fredbert
Threat Prevention "ET EXPLOIT [Possible] Apache log4j RCE Attempt" signatures added to ET OPEN
It's all triggered in SRM's Threat prevention on 'tickles' coming from the Internet. I'd rather have these...
Replies
3
Views
3,313
fredbert
fredbert

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Top