http://www.port80software.com/products/serverdefender/

Has anyone used this or heard anything about it?

It seems interesting, we are running a couple dozen web servers and are sick and tired of customers websites constantly getting hacked from running insecure or old versions of web apps like DNN/Joomla etc...

The only problem is the licensing cost - $640+

While it LOOKS good, the only catch that I see is that it's an IIS application, meaning it's windows only.

A 2.6 GHz server should be adequate to handle traffic of several dozen connections per second.

Could be an issue on high traffic servers.

While it LOOKS good, the only catch that I see is that it's an IIS application, meaning it's windows only.
Well yeah, but I suppose Apache has mod_security in any case which does basically the same thing?

Could be an issue on high traffic servers.
How so? Do you think there could be cpu overhead?

How so? Do you think there could be cpu overhead?

Right, there is undoubtedly overhead. It would be impossible to scan all traffic without it. It's just a matter of how much overhead.

The site said it can handle several dozen requests per second on a 2.6ghz CPU. I can't recall what type of configuration it was running on, but I've heard of IIS servicing over 500 requests per second...surely it was on more than a single 2.6ghz CPU, but still it'd be worth getting a trial and comparing the speed and latency differences.

I would be surprised if there weren't issues on high-traffic servers.