IBM ISS Proventia Series Comparison Matrix
Uncompromising Protection for Every Layer of Your Network
Multi-Function Security:
Provides a comprehensive, all-in-one network security solution for even the most complex networks. Also helps organizations maintain government regulations and industry compliance requirements (helps address 10 out of 12 PCI requirements). Unified on an extensible platform, the Proventia MFS comes complete with robust firewall, IPsec or SSL VPN, antivirus, anit-spam web filtering and intrusion prevention security modules.
* See sizing guide for detailed information regarding # of concurrent users and active device modules
** Requires optional external bypass unit for fiber interfaces
Intrusion
Prevention System:
Uses IBM Internet Security Systems Ahead of the threat technology to block intrusion attempts, DoS attacks, malicious code transmission, backdoor activity and hybrid network-based threats.
| Proventia Network Multi-Function Security | |||||
|---|---|---|---|---|---|
| Model: | |||||
| GX3002 | GX4 series | GX5 series | GX6116 | IPS for Crossbeam | |
| Typical Deployment | Remote Segments | Remote Segments/Network Perimeter | Network Perimeter/Network Core | Enterprise Core/High-Speed Perimeter connections Carrier Infrastructure | Carrier Infrastructure Enterprise Core/High-Speed Perimeter connections |
| Maximum Recommended Nodes/Users | Unlimited | Unlimited | Unlimited | Unlimited | Unlimited |
| Security Content Updates | Powered by X-Force | Powered by X-Force | Powered by X-Force | Powered by X-Force | Powered by X-Force |
| Form Factor | Desktop Appliance | 1U Appliance | 2U Appliance | 2U Appliance | Crossbeam X40, X45, X80 |
| Capabilities Summary | |||||
| Intrusion Prevention | Yes | Yes | Yes | Yes | Yes |
| Intrusion Detection | Yes | Yes | Yes | Yes | Yes |
| Antivirus (behavior-based) | No | No | No | No | No |
| Antivirus (signature-based) | No | No | No | No | No |
| Content Filtering | No | No | No | No | No |
| Protected segments | No | No | No | No | No |
| Web Application/ Database Protection | Yes | Yes | Yes | Yes | Yes |
| VoIP Security | Yes | Yes | Yes | Yes | Yes |
| Spyware Prevention | Yes | Yes | Yes | Yes | Yes |
| VPN | No | No | No | No | No |
| Hardware-Related Specifications | |||||
| Monitoring or scanning interfaces | 2 x 10/100/1000 Copper | 2 or 4 x 10/100/1000 Copper | 8 x 10/100/1000 Copper or 4 x 10/100/1000 Copper and 4 x 10/100/1000 SFP (TX/SX/LX) 8xSFP/mini-GBIC ports (1,000 TX/SX/LX) | 16 X 1000 SFP (TX/SX/LX) | 8 X 10/100/1000 SFP (TX/SX/LX) per NPM |
| Inline protected segments | 1 | 1 or 2 | 4 | 8 | 4 per NPM |
| Throughput available | 10 Mbps | 200 Mbps | 400 Mbps - 1.2 Gbps | Up to 15 Gbps 6 Gbps inspected |
Up to 3 Gbps per NPM |
| Concurrent sessions (rated maximum) | 200,000 | 1,200,000 | 1,200,000 - 1,450,000 | 4,600,000 | Varies by installation*** |
| Maximum connection per second | 3,750 | 21,000 | 35,000 - 40,000 | 160,000 | Varies by installation*** |
| High Availability/ Failover | Not Available | Not Available | Active/Active Active/Passive |
Active/Active Active/Passive |
Active/Active Active/Passive |
| Host Protection Featrues | |||||
| Log Auditing | N/A | N/A | N/A | N/A | N/A |
| Application Control | N/A | N/A | N/A | N/A | N/A |
| Buffer Overflow Exploit Protection | N/A | N/A | N/A | N/A | N/A |
| Supported Operating Systems/Platforms | N/A | N/A | N/A | N/A | N/A |
| Vulnerability Management Features | |||||
| Scanning Discovery | N/A | N/A | N/A | N/A | N/A |
| Asset Classification | N/A | N/A | N/A | N/A | N/A |
| Vulnerability Assessment | N/A | N/A | N/A | N/A | N/A |
| Scanning Windows | N/A | N/A | N/A | N/A | N/A |
| Workflow Solution | N/A | N/A | N/A | N/A | N/A |
| Results Reporting | N/A | N/A | N/A | N/A | N/A |
| Mail Security Features | |||||
| Spam detection rate | N/A | N/A | N/A | N/A | N/A |
| False positive rate | N/A | N/A | N/A | N/A | N/A |
| Spam and compliance analysis modules | N/A | N/A | N/A | N/A | N/A |
| Anti-phishing/Image-based Spam | N/A | N/A | N/A | N/A | N/A |
| Granular policy control | N/A | N/A | N/A | N/A | N/A |
| Global/group/user settings | N/A | N/A | N/A | N/A | N/A |
| End user access | N/A | N/A | N/A | N/A | N/A |
* See sizing guide for detailed information regarding # of concurrent users and active device modules
** Requires optional external bypass unit for fiber interfaces
*** Determined by the number of blades installed in each implementation
Mail Security System:
Preemptive protection and spam control for your messaging infrastructure.
* Based on real world message flow, containing messages of varying sizes including variants with attachments and/or images
Enterprise Scanner:
Offers vulnerability protection and helps quantify and reduce overall risk to all network components. Appliance or software solutions identify where risk exists, prioritize and assign protection, and report results.
* Based on real world message flow, containing messages of varying sizes including variants with attachments and/or images
Proventia Network Software:
Combines multi-layered technologies to protect desktops and servers from the growing threat spectrum while enabling them to keep data and applications reliable, available and confidential.
- IBM Proventia Server Intrusion Prevention System
- IBM RealSecure Server Sensor
- IBM Proventia Endpoint Secure Control



