Educause Security Discussion mailing list archives

Re: IPS Solution


From: "O'Callaghan, Daniel" <Daniel.OCallaghan () SINCLAIR EDU>
Date: Tue, 5 Feb 2013 15:58:11 +0000

We've been using Palo Alto since 2008. We initially piloted in 'tap only'
mode in conjunction with our primary Check Point FWs, and gradually turned
on blocking rules and controls of the PA as threats were identified. In
2010, we completely migrated to using the PA. They provide excellent
visibility and control into Internet/network traffic and permit really
granular control over applications and protocols, and they still support
'traditional' FW rules.
The IPS features have significantly helped to reduce compromised machines,
and the logging/reporting features are really useful to identify the few
that do get compromised. We have had a couple of false positive threats
detected over the years, but PA support has been easy to work with and
very responsive.
We have SIEM, NAC, Mail filtering, etc., but the PA visibility is such
that it is where I start most days...power-up the PC, start the coffee,
check the PA traffic and threat monitor.

_________________________
Dan O'Callaghan
CISO, Sinclair Community College
937.512.2452




From: The EDUCAUSE Security Constituent Group Listserv 
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of King, Ronald A.
Sent: Monday, February 04, 2013 11:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IPS Solution



We are about to begin investigating IPS solutions for our environment.  
So far, we are considering Sourcefire and HP/TippingPoint (yes, we are 
aware of the problems since the acquisition).  I would like to ask the 
group for their suggestions for a solution that could be used for a 
small to medium sized EDU with 10 gig backbone and 1 gig to the 
internet.  If anyone would like to include their reasoning for their 
choice, that would be helpful to us.



I would also like to state that any responses from corporate or 
reseller companies will automatically eliminate them from consideration.



Thank you in advance.





Ronald King
Security Engineer
Norfolk State University
Marie V. McDemmond Center for Applied Research
Suite 401
555 Park Ave.
Norfolk, Virginia  23504
Phone:  757-823-3918
Fax: 757-823-2128
Email: raking () nsu edu
http://security.nsu.edu


