Educause Security Discussion mailing list archives

Re: IPS recommendations


From: Bryan Zimmer <bzimmer () UCSC EDU>
Date: Thu, 8 Nov 2012 21:25:16 -0800

We demoed a PA box and were impressed, but I'm a bit concerned about using them to replace an IPS in a large 
environment. We do hope to get some PA boxes for smaller environments around campus though. The biggest thing that 
bothered me was the inability to tune alerts. Say there's a rule that's alerting a lot and we want to tune it so that 
it only alerts on certain IP addresses, or doesn't alert on certain IP addresses. I don't remember the exact steps but 
it seemed like a very convoluted and non-scalable process to accomplish that. I'm no PA expert though.
What are the PA owners out there doing to tune their alerts?

----
Bryan Zimmer
Senior Security Analyst
UCSC Security Team


On Nov 8, 2012, at 1:57 PM, Walter Petruska <wpetruska () USFCA EDU> wrote:

Same situation here - our Tipping Point was EOL, and we replaced it with a Palo Alto Networks device. It's been working 
great, we're retiring the Tipping Point box next week, and expect to add more PANs in the near future.

Walter Petruska
University of San Francisco

On Thu, Nov 8, 2012 at 12:27 PM, Entwistle, Bruce <Bruce_Entwistle () redlands edu> wrote:
Our current IPS is reaching EOS, so we would take this opportunity to look at alternatives to our existing Tipping 
Point unit.  I was looking to see what everyone else is using and how well it is working for them.

 

Thank you

Bruce Entwistle

University of Redlands

 




-- 
Walter Petruska CISSP, CISA, CGEIT
Information Security Officer
infosec.usfca.edu



University of San Francisco
Lone Mountain North - 2nd Floor
2130 Fulton Street
San Francisco, CA 94117
ITS Help Desk, Phone: 415-422-6668
Fax: 415-422-6719





