Educause Security Discussion mailing list archives
Re: IPS Solution
From: "O'Callaghan, Daniel" <Daniel.OCallaghan () SINCLAIR EDU>
Date: Tue, 5 Feb 2013 15:58:11 +0000
We've been using PaloAlto since 2008. We initially piloted in 'tap only' mode in conjunction with our primary CheckPoint FWs, and gradually turned on blocking rules and controls of the PA as threats were identified. In 2010, we completely migrated to using the PA. They provide excellent visibility and control into Internet/network traffic and permit really granular control over applications and protocols, and they still support 'traditional' FW rules. The IPS features have significantly helped to reduce compromised machines, and the logging/reporting features are really useful to identify the few that do get compromised. We have had a couple of false positive threats detected over the years, but PA support has been easy to work with and very responsive. We have SIEM, NAC, Mail filtering, etc., but the PA visibility is such that it is where I start most days...power-up the PC, start the coffee, check the PA traffic and threat monitor. _________________________ Dan O'Callaghan CISO, Sinclair Community College 937.512.2452
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of King, Ronald A. Sent: Monday, February 04, 2013 11:46 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] IPS Solution We are about to begin investigating IPS solutions for our environment. So far, we are considering Sourcefire and HP/TippingPoint (yes, we are aware of the problems since the acquisition). I would like to ask the group for their suggestions for a solution that could be used for a small to medium sized EDU with 10 gig backbone and 1 gig to the internet. If anyone would like to include their reasoning for their choice, that would be helpful to us. I would also like to state that any responses from corporate or reseller companies will automatically eliminate them from consideration. Thank you in advance. Ronald King Security Engineer Norfolk State University Marie V. McDemmond Center for Applied Research Suite 401 555 Park Ave. Norfolk, Virginia 23504 Phone: 757-823-3918 Fax: 757-823-2128 Email: raking () nsu edu http://security.nsu.edu
Current thread:
- Re: IPS Solution, (continued)
- Re: IPS Solution Daniels, Shane R (Feb 04)
- Re: IPS Solution John Kaftan (Feb 04)
- Re: IPS Solution Bradley, Stephen (Feb 04)
- Message not available
- Re: IPS Solution Benjamin Parker (Feb 04)
- Re: IPS Solution Hall, Rand (Feb 05)
- Re: IPS Solution Waddell, Stan Adolphus (Feb 05)
- Re: IPS Solution Di Fabio, Andrea (Feb 05)
- Re: IPS Solution Bradley, Stephen (Feb 05)
- Re: IPS Solution Roger A Safian (Feb 05)
- Re: IPS Solution O'Callaghan, Daniel (Feb 05)
- Message not available
- Re: IPS Solution Benjamin Parker (Feb 05)
- Re: IPS Solution Biddle, Rob (Feb 05)
- Re: IPS Solution Hall, Rand (Feb 06)