Actually, we are using SiteProtector 8 right now with lots of RealSecure and a few Proventia clients. We are looking at migrating from that platform to CSP. In fact, I am giving a talk on this at one of the Symantec online Forums on Dec 15th.
I will not be talking much about ISS and the problems we have had, but here are just a few items....
1) Proventia/RealSecure are not supported on many platforms - We have a number of problems running on many platforms. As of this email, we still are waiting for IBM to deliver a version of Proventia that will run on Windows 2008 (R2). We got a beta release to install on one of 5 machines, but it causes CPU lockups.
2) Network stability problems - We have deployed Linux Proventia, but we have just had three web critical servers go down... still working on this, but it is something to do with Proventia and the iptables stacks. We also have a huge history of problems on Solaris.
3) Any updates that come out seem to cause a problem with at least one or two machines. So it may be < 1% of machines we run, but they are all critical machines.
4) It is extensively CPU bound! Proventia is basically doing pattern scanning on every packet. CSP does NOT do this, and is MUCH more friendly to the CPU.
5) Because of the items we had, we need to fully regression test any updates. This means that we lose valuable time for updates. If it takes a month to get critical updates, how useful is it?
As for CSP, it excels in MANY of these areas. Our support teams love it, as they are not afraid of it. In fact, instead of them notifying us of problems with a machine because of a Proventia HIDS agent going bad, we are now telling them about problems with machines.
1) CPU overhead is VERY light.
2) Change control to policies is EASY to push out and you are confident that it will not take things down.
3) It is supported (and runs well) on virtually every practical platform. Even NT4 if you wanted to.
4) Very easy to roll out the client.
Just to say a few things that can be challenges with CSP...
1) Initial learning curve can be big.
2) Tuning can be a battle. The documentation and technique are not documented well. However, there is a simple technique that works well that makes it simple.
3) As for protection... there are a few holes... like SQL injection. It can be difficult to capture with CSP. However, I also always recommend a NIDS product as well. Together they will catch many things and work well. In fact, our biggest Proventia use comes from the NIDS. If it wasn't for them, we would have thrown it out a LONG time ago.
-Don Schleede