Educause Security Discussion mailing list archives
Re: Cisco IronPort
From: "Foerst, Daniel P." <FOERST () CUA EDU>
Date: Tue, 23 Jun 2009 15:05:39 -0400
Hi Mig, That is all very interesting to know. We have begun to preliminarily look at IronPort as we are a large Cisco shop. However we have had many concerns regarding the phishing exploits. Can anyone else speak of alternatives to IronPort that are good and possibly EDU friendly? The latter isn't a prerequisite, but it would be nice to know. -dan Daniel Foerst Manager, Networks & Security The Catholic University of America Washington, DC 20064 ________________________________ From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mig Hofmann Sent: Tuesday, June 23, 2009 1:14 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Cisco IronPort We have had an Ironport for several years but have been increasingly unhappy with the product's heuristics and phishing detection capability. It just let a large number of phishing emails through this weeek that we feel it should have caught. We have repeatedly asked CISCO to include outside blacklist sources such as Google Code and .edu related forums to better monitor phishing variants but we repeatedly see new variants that get through even though mentioned on these forums and blacklists. We have to assume after discussing this for over a year, that perhaps the .edu domain is not a priority to them else we would expect to see these included in their updates/sigs. We have had Platinum support for a year but it has not helped in this regard much as we can determine. My understanding from talking with the prosecutors on the recent DoJ case was that although CISCO was very helpful in data gathering, almost no university that had an Ironport detected the type of spam the Shah brothers were sending. I'm not sure what that says about the product, but unfortunately it makes it increasingly useless to us for the types of activity and messages we would like to prevent getting through. Mig K. Mig Hofmann Information Security Officer San Francisco State University 1600 Holloway Avenue San Francisco, CA 94132 415-338-3018 mig () sfsu edu www.sfsu.edu -----The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> wrote: ----- To: SECURITY () LISTSERV EDUCAUSE EDU From: "Axworthy, Heather" <haxworthy () UMASSP EDU> Sent by: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: 06/23/2009 09:46AM Subject: [SECURITY] Cisco IronPort Hello all, I'd like to know if any institution out there has deployed a Cisco IronPort device in their network? Just curious as to what you think about it? Ease of use? Reporting? Worth the money? Any information would be greatly appreciated. Feel free to reply off list. Thanks, Heather :: Heather Axworthy , Lead Security Specialist :: University Information Technology Services (UITS) :: University of Massachusetts President's Office :: 774.455.7762 Phone :: 774.455.7733 Fax :: haxworthy () umassp edu <mailto:haxworthy () umassp edu> University of Massachusetts : 333 South St. : Suite 400 : Shrewsbury, MA 01545 : www.massachusetts.edu <http://www.massachusetts.edu/>
Current thread:
- Cisco IronPort Axworthy, Heather (Jun 23)
- <Possible follow-ups>
- Re: Cisco IronPort Clark, Sean (Jun 23)
- Re: Cisco IronPort McCrary, Barbara (Jun 23)
- Re: Cisco IronPort Mig Hofmann (Jun 23)
- Re: Cisco IronPort Bruce Barrett (Jun 23)
- Re: Cisco IronPort Leon DuPree (Jun 23)
- Re: Cisco IronPort Hall, Rand (Jun 23)
- Re: Cisco IronPort Anand S Malwade (Jun 23)
- Re: Cisco IronPort Foerst, Daniel P. (Jun 23)
- Re: Cisco IronPort Mig Hofmann (Jun 23)
- Re: Cisco IronPort David Hale (Jun 23)
- Re: Cisco IronPort Jesse Thompson (Jun 24)