Re: Cisco IronPort

["Foerst, Daniel P." <FOERST () CUA EDU>]

Hi Mig,
 
That is all very interesting to know. We have begun to preliminarily
look at IronPort as we are a large Cisco shop. However we have had many
concerns regarding the phishing exploits. 
Can anyone else speak of alternatives to IronPort that are good and
possibly EDU friendly? The latter isn't a prerequisite, but it would be
nice to know.
 
-dan
 

Daniel Foerst
Manager, Networks & Security
The Catholic University of America
Washington, DC 20064 

 

________________________________

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mig Hofmann
Sent: Tuesday, June 23, 2009 1:14 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Cisco IronPort



We have had an Ironport for several years but have been increasingly
unhappy with the product's heuristics and phishing detection capability.
It just let a large number of phishing emails through this weeek that we
feel it should have caught.

We have repeatedly asked CISCO to include outside blacklist sources such
as Google Code and .edu related forums to better monitor phishing
variants but we repeatedly see new variants that get through even though
mentioned on these forums and blacklists.  We have to assume after
discussing this for over a year, that perhaps the .edu domain is not a
priority to them else we would expect to see these included in their
updates/sigs.  We have had Platinum support for a year but it has not
helped in this regard much as we can determine.  

My understanding from talking with the prosecutors on the recent DoJ
case was that although CISCO was very helpful in data gathering, almost
no university that had an Ironport detected the type of spam the Shah
brothers were sending.  I'm not sure what that says about the product,
but unfortunately it makes it increasingly useless to us for the types
of activity and messages we would like to prevent getting through.

Mig



K. Mig Hofmann
Information Security Officer
San Francisco State University
1600 Holloway Avenue
San Francisco, CA 94132
415-338-3018
mig () sfsu edu
www.sfsu.edu


-----The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU> wrote: -----



        To: SECURITY () LISTSERV EDUCAUSE EDU
        From: "Axworthy, Heather" <haxworthy () UMASSP EDU>
        Sent by: The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
        Date: 06/23/2009 09:46AM
        Subject: [SECURITY] Cisco IronPort
        
        

        Hello all, 

          

        I'd like to know if any institution out there has deployed a
Cisco IronPort device in their network?  Just curious as to what you
think about it?  Ease of use? Reporting?  Worth the money? 

          

        Any information would be greatly appreciated. 

          

        Feel free to reply off list. 

          

        Thanks, 

        Heather 

          

          

          

          

          

         :: Heather Axworthy , Lead Security Specialist
        :: University Information Technology Services (UITS)
        :: University of Massachusetts President's Office
        :: 774.455.7762 Phone 

        :: 774.455.7733 Fax
        :: haxworthy () umassp edu <mailto:haxworthy () umassp edu> 
        
        University of Massachusetts : 333 South St. : Suite 400 :
Shrewsbury, MA 01545 : www.massachusetts.edu
<http://www.massachusetts.edu/>