Educause Security Discussion mailing list archives
Re:
From: Scott Genung <sagenung () ILSTU EDU>
Date: Thu, 20 Jul 2006 16:45:10 -0500
John,

We have been using in-line Tipping Point IPS appliances in production since April 2004. The reporting tools are very functional and have had very few false positives (that we've been made aware of!). We are quite happy with this solution.
We also use a product from Lancope called Stealthwatch that uses NetFlow export records to identify anomalous behavior based upon application volume baselines. It generates useful reports and can issue temporary shuns to your firewalls dependent upon your policies. Together, this approach has been very effective in identifying sources of threat traffic.
csMARS behaves more like Stealthwatch than an IPS. csMARS also has a SIMS component to it but much of this is limited to Cisco products unless you want to do a great deal of customization.
At 08:30 AM 7/20/2006, John Kaftan wrote:
We are looking into Intrusion Prevention Systems. We have looked at Tipping-Point and are about to look at Cisco MARS. Does anyone have any experiences that they care to share?

John Kaftan
Scott Genung
Interim Director
Telecommunications and Networking
Illinois State University
105 Williams Hall Annex
Normal, IL 61790-3500
sagenung () ilstu edu
Phone: (309)438-7258
Web: http://www.telecom.ilstu.edu