Re: Information Security tools

[Chris Green <chrisgreen () GSU EDU>]

I would highly recommend if you aren't already, attending the EDUCAUSE SPC in May to discuss these tools.   This is 
typically where you can get uncut opinions of a large variety of these tools and deployment scenarios.

From: John McMillan <jmcmillan () SOUTHALABAMA EDU<mailto:jmcmillan () SOUTHALABAMA EDU>>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () 
LISTSERV EDUCAUSE EDU>>
Date: Thursday, April 24, 2014 at 10:55 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: Re: [SECURITY] Information Security tools

We have two different IPS products deployed, and we've used three products in total over the years. There have been 
very few issues related to the rules deployed, none of them very serious. The only major negative impact was related to 
a bug that made one of the sensors stop processing traffic but not fail open as designed.  One of our IPS products is 
also DLP capable, which is on my project list for testing and deployment.

As for SIEM, we really want to find something that we like, but so far everything we've looked at that was promising 
was also very expensive.  I'm curious to hear what others may have to say on that topic.



On Thu, Apr 24, 2014 at 9:05 AM, Jeff Borton <jborton () schoolcraft edu<mailto:jborton () schoolcraft edu>> wrote:
Wondering what this groups thoughts are on using IPS vs IDS systems, and if you have been negatively impacted by one 
over the other.  Also if anyone has used data loss prevention or SIEM tools that they have liked?

Jeff Borton
Executive Director of Information Security