Threat Prevention ET pro vs ET open?

Currently reading
Threat Prevention ET pro vs ET open?

22
1
Router
  1. RT2600ac
from Proofpoint itself:
"The Proofpoint ET Open IPS/IDS ruleset collects submissions from one of the largest and most active IDS/IPS rule-writing communities and includes never-seen-before threats. This continually updated list of rules enables monitoring engines to automatically detect and block known, advanced threats. This is an opensource product.
Proofpoint ET Pro Ruleset is a commercial ruleset atop the open IDS ruleset and added support for the Suricata platform. The Proofpoint research team tests all rules for optimum performance and accurate detection. Licensing costs USD$900 per sensor"
 

Shadow

Subscriber
529
173
NAS
DS216+II, DS118, DS718+
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. Windows
Mobile operating system
  1. Android
The way I see it, ET pro may be valuable if you are a hosting/cloud company or something. If you then want to use Threat Prevention to it's fullest potential with all the available support, ET pro is an option.

Altough I would highly doubt using Synology routers in an enterprise-like environment, especially cloud-providers. Think I would stick to professional network gear from Cisco, Juniper or HP or something.
 

Rusty

Moderator
NAS Support
2,463
738
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Well I run it with Open option
 

fredbert

Moderator
NAS Support
Subscriber
1,695
692
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
ET Open cos I'm a tight wad.

For a home / small environment you'll get more than enough alerts and you won't know what to do because there isn't enough information for a normal person to make a decision. Set it with default rules and alerting (email, notifications) and see what you get for a while. You can then decide if some rules that just alert can be changed to drop, and add specific rules too.

Also review the map to get an idea of countries you can start to blanket drop incoming requests using the SRM firewall, if you aren't already doing this with 'allow my country' and 'drop all other requests' rules.
 

fredbert

Moderator
NAS Support
Subscriber
1,695
692
NAS
DS1520+, DS218+, DS215j
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Just found this resource that lists the updates to the ET Open and ET Pro rules. It provides an interesting view on what the Pro rules add and would a home user normally need to stump up the $$$ for a licence.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Top