Educause Security Discussion mailing list archives

Re:


From: Scott Genung <sagenung () ILSTU EDU>
Date: Thu, 20 Jul 2006 16:45:10 -0500

John,

We have been using in-line Tipping Point IPS appliances in production since April 2004. The reporting tools are very functional and have had very few false positives (that we've been made aware of!). We are quite happy with this solution.

We also use a product from Lancope called Stealthwatch that uses NetFlow export records to identify anomalous behavior based upon application volume baselines. It generates useful reports and can issue temporary shuns to your firewalls dependent upon your policies. Together, this approach has been very effective in identifying sources of threat traffic.

csMARS behaves more like Stealthwatch than an IPS. csMARS also has a SIMS component to it but much of this is limited to Cisco products unless you want to do a great deal of customization.

At 08:30 AM 7/20/2006, John Kaftan wrote:
We are looking into Intrusion Prevention Systems. We have looked at Tipping-Point and are about to look at Cisco MARS. Does anyone have any experiences that they care to share?

John Kaftan


Scott Genung
Interim Director
Telecommunications and Networking
Illinois State University
105 Williams Hall Annex
Normal, IL 61790-3500

sagenung () ilstu edu
Phone: (309)438-7258
Web: http://www.telecom.ilstu.edu
