Educause Security Discussion mailing list archives

Re: Schools using SourceFire for IPS


From: Patrick Goggins <pgoggins () CARROLLU EDU>
Date: Wed, 21 Jul 2010 13:50:10 -0500

It really depends upon what a given IPS system is actually seeing that you would be looking to act upon. For some
schools, border firewalls protect all of campus, while other schools, to be open or as required by state bodies, require
everything to be open. In the open scenario I could see a larger benefit in the automatic remediation of compromised
systems and protection from the outside of systems attempting to break into systems on campus.

In response to Bill's comment about the 24x7x365, this is a big selling point when organizations are not staffed all
the time. IPS still allows the fires to be created but keeps them small and puts them out quickly. Always remember DID
to prevent as many of the fires as possible before they have the chance to start.


Patrick Goggins
Network Administrator
Carroll University




-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Seth Hall
Sent: Wednesday, July 21, 2010 11:34 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Schools using SourceFire for IPS

On Jul 20, 2010, at 4:25 PM, Brad Judy wrote:

We're currently evaluating options for an IPS replacement project and we're interested in hearing from any EDUs who
have deployed SourceFire equipment in an in-line IPS mode.

Is there anyone willing to speak publicly about the real-world benefits or perceived benefits they get from doing
active IPS as opposed to just passively monitoring traffic in IDS mode?

Sorry for hijacking your topic Brad, but I'd like to find out more generically about the reason why people choose IPS 
over (or in addition to) IDS. :)

  .Seth

