Educause Security Discussion mailing list archives

Re: IPS

From: Dave Koontz <dkoontz () MBC EDU>
Date: Fri, 21 Jul 2006 08:43:31 -0400

We just purchased an ISS Proventia device that will handle our core and
edge, as well as their server agents.  While comparing ISS to Tipping Point
we found them very close in performance and features.  We liked the added
protection and auditing capabilities of the ISS server agents.  One concern
we had with Tipping Point was it's inability to natively monitor
non-standard ports, and while you can add custom ports in TP, you are
limited to 16 per protocol.

They offer educational pricing and we found their pricing right in line with
Tipping Points, making the decision easier for us.

---
Dave Koontz
Associate Director CIS
Mary Baldwin College
Staunton, VA


-----Original Message-----
From: Mclaughlin, Kevin L (mclaugkl) [mailto:mclaugkl () UCMAIL UC EDU]
Sent: Thursday, July 20, 2006 10:10 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY]

Hi John:
When working at Procter & Gamble I brought in and used ISS Proventia devices
as the IPS to protect our global infrastructure.  I really liked the
Proventia devices and what they provided for us but....  ISS tends to be
more expensive than Tipping Point. When I came to UC I found out that we use
Tipping point and are happy with that product.  When I compared the cost to
the University of Tipping point vs. the cost of the ISS solution I purchased
while in the corporate world I decided that
Tipping Point was definitely the better way to go.   Though, in fairness
I don't know if ISS has an Educational discount that would bring them more
in-line with Tipping Point's pricing.

I could be wrong with this next statement but I thought that the CISCO MARS
product was a monitoring and alerting tool that supplemented (not
replaced) an IDS/IPS system by helping eliminate false positives and
tracking down network issues, click on this link for a SANs writeup on the
product - bottom line was they loved the product:
http://www.sans.org/whatworks/casestudy.php?id=87

Hope this helps.
-Kevin


Kevin L. McLaughlin

CISSP, PMP, ITIL Master Certified

Director, Information Security

University of Cincinnati

513-556-9177 (w)

513-703-3211 (m)

-----Original Message-----
From: John Kaftan [mailto:jkaftan () HOTMAIL COM]
Sent: Thursday, July 20, 2006 9:30 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY]

We are looking into Intrusion Prevention Systems.  We have looked at
Tipping-Point are about to look at Cisco MARS.  Does anyone have any
experiences that they care to share?

John Kaftan

_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from
McAfee(r)
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

Current thread:

IPS John Kaftan (Jul 20)
- <Possible follow-ups>
- Re: IPS Wes Young (Jul 20)
- Re: IPS Wood, Anne M (wood) (Jul 20)
- Re: IPS Lee Weers (Jul 20)
- Re: IPS Scholz, Greg (Jul 20)
- Re: IPS John Rasmussen (Jul 20)
- Re: IPS Wayne Bullock (Jul 20)
- Re: IPS Wayne Bullock (Jul 20)
- Re: IPS Dave Koontz (Jul 21)