Educause Security Discussion mailing list archives

Re: TippingPoint and Cisco IDSM2 IPS offerings (cross-posted to NETMAN)


From: Scott Genung <sagenung () ILSTU EDU>
Date: Sun, 29 Aug 2004 21:58:34 -0500

David,

I would echo the comments from Chris. We performed a product evaluation of
the Tipping Point 1200 series IPS last April when Sasser first emerged. We
had a strain for which our AV vendor (McAfee) did not yet have a virus.
Because the product reported signature matches on the vulnerability (and
not the specific Sasser variant), we were able to block a great deal and
then identify infected hosts from day 1. We were sold after that. We bought
2 of the 1200s and plan on buying a 3rd later this year. We have them
inspecting traffic between each of our 5 ResNet environments and our campus
backbone as well as WAN connectivity to the core. The reporting
capabilities of the product aren't as flexible as I would like but it's
better than most.

We don't have any experience with the IDSM2 (although we discussed it
earlier this year). We do have a pair of Cisco 4235 IDS sensors. Our
lesson here was that we had performance problems on the 6500 we were using
to span ports. We were told to use VACL capture as an alternative but never
had time to make this change before the spring semester ended. We have had
nothing but problems with the reporting tool (VMS). We have heard rumors
that Cisco will release an IPS image for their sensor appliances and the
IDSMs at the tail end of this year. It's difficult to say how they will
stack up against the Tipping Point solution.

At 05:01 PM 8/29/2004, you wrote:
        We use tipping point 2400s in our network and have been quite
pleased.  We use them at the core to handle gig ethernet trunk links.  This
fall we installed two new ones to protect our residential network.  Due to
scheduling problems, we were not able to finish the installation before the
students moved back in.  The very first day, we had a network meltdown due
to Sasser.  The Tippingpoints were rushed into production and the network
has been fine since.   The tipping points are stopping over 200K hits per
hour during some of the peaks last weekend.  This has given us time to find
and fix infected computers, without a significant impact on client usage.

        One of TippingPoint's strong suits has been support.  Our network
engineer is not one to compliment lightly.  After several problems which
would normally have left him grumbling about the company, he commented that
they are a class act.  Our experience has not been perfect, but all in all
it has been very good.  Well worth the cost in my opinion.

        I don't work for Tipping Point and I don't get any benefit from
them for posting this.  Your mileage may vary.


At 04:21 PM 8/28/2004, you wrote:
(This message has been cross-posted to NETMAN () LISTSERV EDUCAUSE EDU)

Oklahoma State University is considering solutions for intrusion
prevention, IDS, and rate limiting on our network.  We have evaled a
Tippingpoint UnityOne device and were initially pleased.  We have also
been asked to consider a Cisco IDSM2 module in a 650x chassis for IPS
abilities.

Has anyone used either of these solutions who could share your insight
and experience of the effectiveness and value of these devices (or
others)?

Thank you,

David Skrdla
Network Security Analyst
Systems Security Office
IT/Technology Operations
Oklahoma State University
Ph. 405-744-7806

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.



Scott Genung
Manager of Networking Systems
Telecommunications and Networking
Illinois State University
124 Julian Hall
Normal, IL 61790-3500

Phone: (309)438-7258
Web: http://www.tel.ilstu.edu
