Security Basics mailing list archives

RE: Cisco CSA

From: "Gary Freeman" <Gary.Freeman () rci rogers com>
Date: Fri, 28 May 2004 08:29:18 -0400

I agree with Bryan,

Better to use an inline distributed solution to a major problem like
worm propagation than try to police every workstation.  We have a
standard desktop with McAfee and Microsoft updated via a scheduler.  CSA
is fine for systems running Cisco's agent but what about vendor laptops
or rogue systems that don't adhere to the corporate policy.  They (in
our experience) are the usual suspects when faced with systems that
don't conform to our policy.

We use IDS (haven't chosen an IPS vendor) and NetScout to watch the
network core and all of the remote edge networks for worms.  We are also
analyzing netflow statistics with Arbour now to detect infected
workstations.

Cisco pitched us on CSA last year when we had Nachi and they had just
acquired the product.  The product falls short of meeting all
requirements and in the final analysis, added more over-head to desktop
management. 

// Gary Freeman //

-----Original Message-----
From: bryan_khoo () dynacraft com [mailto:bryan_khoo () dynacraft com] 
Sent: Wednesday, May 26, 2004 8:18 PM
To: Cherian Palayoor
Cc: security-basics () securityfocus com
Subject: Re: Cisco CSA


Hi Cherian,
              You can look into product like IPS. I think it should be
better than CSA.

Rdgs,
Bryan



                 *** TOWARDS CUSTOMER CENTERED CULTURE ***
        ** Dynacraft is a QS9000 and ISO14001 certified company **

|---------+---------------------------->
|         |           Cherian Palayoor |
|         |           <securinet2004@ya|
|         |           hoo.ca>          |
|         |                            |
|         |           05/26/2004 07:35 |
|         |           AM               |
|         |                            |
|---------+---------------------------->

-----------------------------------------------------------------------

----------------------------------------------------------------------|
  |
|
  |       To:       security-basics () securityfocus com
|
  |       cc:
|
  |       Subject:  Cisco CSA
|

-----------------------------------------------------------------------

----------------------------------------------------------------------|




Hi,

Can anyone give me some feedback on the Cisco Security
Agent. This product claims to stop malicious behaviour
on machines infected by any malware.

We were recently hit pretty hard by Sasser. Cisco has
since been trying to sell us this product as a
heuristic solution to malicious activity on the
network. The product does not depend on any signature
updates and is entirely behavioural.

Cisco puports to have successfully stopped Sasser from
doing any damage.

Can anyone confirm this to be a fact. The product does
not come cheap.

Thanks in advance.

Regards

Cherian


______________________________________________________________________
Post your free ad now! http://personals.yahoo.ca

------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off
any course! All of our class sizes are guaranteed to be 10 students or
less

to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of
in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----


"Visit Our Website at :- www.dynacraft.com"




------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off 
any course! All of our class sizes are guaranteed to be 10 students or
less 
to facilitate one-on-one interaction with one of our expert instructors.

Attend a course taught by an expert instructor with years of
in-the-field 
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.

Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

Current thread:

Cisco CSA Cherian Palayoor (May 26)
- RE: Cisco CSA Jason Jaszewski (May 28)
- <Possible follow-ups>
- RE: Cisco CSA Damon Brinkley (May 27)
- Re: Cisco CSA John Kingston (May 27)
- Re: Cisco CSA professor buddha (May 27)
- RE: Cisco CSA Ralph H. Chapman (May 27)
- Re: Cisco CSA bryan_khoo (May 27)
- RE: Cisco CSA Dante Mercurio (May 28)
- RE: Cisco CSA Scherer, Brian (May 28)
- RE: Cisco CSA Gary Freeman (May 28)
- RE: Cisco CSA Dave Gonsalves (May 29)
  - RE: Cisco CSA Ayers, Diane (May 31)