IPS sensors are more suited for companies that do not have visibility into their network with third-party analyzing tools. Scenarios would be to place IPS sensors at the perimeter firewalls mainly. IPS sensors are less appropriate for companies that have third-party analyzing tools that will mitigate vulnerabilities and malicious traffic and activities already.
The inspection of data packets before they enter the firewall is a really beneficial to our security team. It segments the data from the LAN and really adds a great layer of security on top of our firewall. The technical support is very responsive and knowledgeable in use case of the product
Tipping point had a very nice GUI interface that sat on top of snort rules. It was easy to access, had nice customization of dashboards and output to syslog for SIEM solutions.
It was easy to configure rule sets, allow groups or singular allow/blocks or white-listing.
Security rule sets could be tweaked up or down and allow/drops signatures could be configured to help increase performance.
Biggest qualms I had with TippingPoint was that it was just a tad on the expensive side for what you get. Nowadays everything has gone UTM in firewalls and they do it all including IPS as part of the basic functionality so really, TP is losing a massive market share.
Don't see a future in the roadmap with so many other vendors getting onto the "unified" wagon and adding IPS as part of their service and at a cheaper price.
IPS sensors provides the necessary network visibility my company needs to satisfy its security appetite. By doing so, we have been able to stay compliant and up to date with today's network security requirements and procedures. We are able to be proactive with vulnerabilities and reactive to malicious traffic and intrusions in our day to day operations.
