Threat Prevention ET pro vs ET open?


from Proofpoint itself:
"The Proofpoint ET Open IPS/IDS ruleset collects submissions from one of the largest and most active IDS/IPS rule-writing communities and includes never-seen-before threats. This continually updated list of rules enables monitoring engines to automatically detect and block known, advanced threats. This is an open-source product.
Proofpoint ET Pro Ruleset is a commercial ruleset atop the open IDS ruleset and added support for the Suricata platform. The Proofpoint research team tests all rules for optimum performance and accurate detection. Licensing costs USD$900 per sensor."
 
The way I see it, ET Pro may be valuable if you are a hosting/cloud company or something. If you then want to use Threat Prevention to its fullest potential with all the available support, ET Pro is an option.

Although I would highly doubt using Synology routers in an enterprise-like environment, especially at cloud providers. I think I would stick to professional network gear from Cisco, Juniper or HP or something.
 
ET Open cos I'm a tight wad.

For a home / small environment you'll get more than enough alerts and you won't know what to do because there isn't enough information for a normal person to make a decision. Set it with default rules and alerting (email, notifications) and see what you get for a while. You can then decide if some rules that just alert can be changed to drop, and add specific rules too.

Also review the map to get an idea of the countries from which you can start to blanket-drop incoming requests using the SRM firewall, if you aren't already doing this with 'allow my country' and 'drop all other requests' rules.
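The "change some alert rules to drop" step above, shown on rule text rather than in the SRM GUI, as an added example that is not from this thread or from Synology/Proofpoint: ET rulesets use Suricata rule syntax, where the action is the first keyword of each rule, so promoting a rule is a matter of rewriting that keyword for the chosen SIDs while leaving commented-out (disabled) rules untouched. The rule lines and SIDs below are constructed samples, not real ET rules.

```python
import re
from typing import Dict, List, Set, Tuple

# Constructed sample rules in Suricata/ET syntax (not real ET rule text).
SAMPLE_RULES = """\
# comment lines and disabled rules must be left exactly as they are
alert tcp $HOME_NET any -> $EXTERNAL_NET 1337 (msg:"SAMPLE Suspicious outbound port"; sid:9000001; rev:1;)
alert dns $HOME_NET any -> any any (msg:"SAMPLE DNS query to test domain"; dns.query; content:"example.test"; sid:9000002; rev:2;)
#alert http any any -> any any (msg:"SAMPLE disabled rule"; sid:9000003; rev:1;)
"""

# Suricata actions this helper understands; a leading '#' means the rule is disabled.
RULE_RE = re.compile(r'^(?P<action>alert|drop|pass|reject)\s+(?P<rest>.+)$')
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
MSG_RE = re.compile(r'msg\s*:\s*"([^"]*)"')


def parse_rules(text: str) -> List[Dict[str, str]]:
    """Return action, sid and msg for each active (non-commented) rule line."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # blank line, comment, or disabled rule
        sid = SID_RE.search(line)
        msg = MSG_RE.search(line)
        rules.append({
            "action": m.group("action"),
            "sid": sid.group(1) if sid else "",
            "msg": msg.group(1) if msg else "",
        })
    return rules


def promote_to_drop(text: str, sids: Set[str]) -> Tuple[str, List[str]]:
    """Rewrite 'alert' to 'drop' for the given SIDs only.

    Returns the rewritten rule text and the list of SIDs actually changed;
    rules that are disabled, already 'drop', or not in the set are untouched.
    """
    out, changed = [], []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        sid = SID_RE.search(line)
        if m and m.group("action") == "alert" and sid and sid.group(1) in sids:
            line = "drop " + m.group("rest")
            changed.append(sid.group(1))
        out.append(line)
    return "\n".join(out) + "\n", changed
```

Run the result through `suricata -T` (or reload the sensor in test mode) before deploying, since a rule that only alerted may start blocking legitimate traffic once it is a drop.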
 
Just found this resource that lists the updates to the ET Open and ET Pro rules. It provides an interesting view on what the Pro rules add and whether a home user would normally need to stump up the $$$ for a licence.
 
Hi team, does anyone know an online forum where analysis of the alert triggers on Security Onion is studied in depth? I am trying to drill down on a log4j alert with (tcp ldap) and lower/upper TCP bypass, as I suspect these are variations of log4j vulnerability parameters, and I am looking to understand it. Thanks.
 
