June 27th, 2003, 05:01 PM
#12
RoadClosed: Don't misunderstand me from this point on......
Speaking as one who works in a non-profit, (read: no frigging cash.....), industry I am a cheap B@stard when it comes to stuff as you picked up in the thread you mentioned I'm sure....<LOL>
$30k is a **** load of cash and, IME, it won't stop there..... Look at the recurring cost.... I'll bet it exceeds $5k and probably $10k. So your TCO for the first 5 years, (by which time it will be obsolete), is in the vicinity of $50-$80k.... Ouch.....
Now, no-one is saying that it won't take time to learn the "less expensive" stuff but it sure will take less time than 5 years. Take PureSecure for example. To you, (a commercial shop by the sound of it), IIRC, it would cost you $1500 for the main sensor and $100 for each additional. But there's a real bonus in that alone: It runs Snort which you can tweak really easily to meet your needs, it contains both NIDS and HIDS that are centrally monitored and can alert the sysadmin immediately things look funny, it can be set to update the snort rules nightly.... Using Snort 2.0 they have fixed the Flexresp.... I still haven't played with it yet but you can react to incoming packets with that so technically it is somewhat defensive too......
I dunno..... I don't see the benefit of this system over and above what anything else will provide with some work on your part especially bearing in mind the adage I live by: "It isn't a matter of if I get hacked.... It's when...." I believe it is our job to secure what we can but be more careful about recognizing the signs of a compromise, confirming it has taken place by having voluminous log files and then mitigating the damage. It strikes me that this system's overwhelming feature is that of making you lazy..... "No time to scan the logs today.... no Prob.... that box is protecting me......... Ooops..... who changed the web site!!!!!"
And finally here is your _real_ kicker..... There you are fat dumb and happy a year after installing this box..... Everything has gone swimmingly..... No compromises..... and less work.... But, as you gleefully noted, "this box is in-line"..... OK.... The box just failed....... You have no inbound or outbound connectivity..... Your whole system is down unless you remove the box.... But you have nothing to replace it with and you have no time to learn how to use all the free stuff until they come up with a new box...... Now there's my opportunity to make entry.... and you'll never even know.....
Just my thoughts and I do understand if this is a "must secure it now" and management says "we don't have time for you to learn and test".......
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides