So I have been using ET Community Ruleset I also tried Tallos Free.
I want to install IPfire for a small office (medical office) and want to keep it as simple as possible because everyone working there is over 60 y old. They haven’t had a Firewall or IPS in 40 years, just a consumer router .
They are ready to retire but right now they still need to get IPS to comply with something called HIPAA,
I will propose IPFire Firewall. but not sure what Ruleset to propose.
I am having difficulty even to find out exact pricing.
ET Pro was bought by Proofpoint and seems to be around 900-1000 per year, I am not sure if I could justify the cost.
Talso VRT was bought by Cisco and is 30/year for home use and 400 for commercial,
I was not able to figure out difference between ET Pro for 1000 and Talos VRT for 400
I also can;t figure out the difference between ET Community, Talos Community and Tallos Free for Registered Users.
Interesting observation about RAM usage:
ET Comminity : 350-480MB
Talos VRT Registered Free 50-60MB only
personally, I am happy with the ET Community Ruleset as it requires no registration anywhere and the rules are good enough for a larger SOHO setup with some modifications (enabled some scanner rules disabled by default, and disabled some others generating FPs in my setup).
I guess it might be reasonable to start with a free IPS ruleset, and see how things go from there. In case traffic is limited by a strict firewall policy anyway (please refer to this article for further information), attack surface is already pretty limited - most relevant threat would be attacks against web browsers, or similar.
While I run some IPS setups in professional environments, I rarely came across the need to buy IPS rulesets - in most cases, free ones were fine, but your mileage might vary.
Thanks, and best regards,
Peter Müller
P.S.: Indeed, the pricing model of Proofpoint is difficult to understand - good luck searching further.