Pros: The product was able to identify threats coming into the network. However, it was unable to distinguish threats that had been blocked by other gateway or security appliances.
Cons: My biggest concern is it did not provide enough contextual information. It gave a very worrying picture of the environment that took a week to unpack because we needed to further trace the information. As it turned out, all of the "security incidents" were blocked by other security appliances. But as the tap at the time did not look at the disposition of the connections, just the source IP addresses and locations, it created an intense amount of worry.