Educause Security Discussion mailing list archives
Re: IPS Solution
From: Benjamin Parker <parkerbc () MOUNTUNION EDU>
Date: Tue, 5 Feb 2013 11:29:33 -0500
For those who have Palo Altos, what additional features are you using, and do you think it is worth the added cost? For example, we have been seeing some more encrypted botnet traffic here that I can't detect because I have not wanted to use the SSL decryption aspects, because we don't have URL filtering, so I have no way not to break the chain on things like legitimate banking or shopping. Are you doing things like this?

Also, are you using the WildFire subscriptions, and are there any metrics of how cost effective it has been in blocking malware? I know their sales pitches are pretty spectacular regarding WildFire, but is that what real-world EDUs are seeing?

On Tue, Feb 5, 2013 at 10:58 AM, O'Callaghan, Daniel <Daniel.OCallaghan () sinclair edu> wrote:
We've been using Palo Alto since 2008. We initially piloted in 'tap only' mode in conjunction with our primary CheckPoint FWs, and gradually turned on blocking rules and controls of the PA as threats were identified. In 2010, we completely migrated to using the PA.

They provide excellent visibility and control into Internet/network traffic and permit really granular control over applications and protocols, and they still support 'traditional' FW rules. The IPS features have significantly helped to reduce compromised machines, and the logging/reporting features are really useful to identify the few that do get compromised. We have had a couple of false positive threats detected over the years, but PA support has been easy to work with and very responsive.

We have SIEM, NAC, Mail filtering, etc., but the PA visibility is such that it is where I start most days... power up the PC, start the coffee, check the PA traffic and threat monitor.

_________________________
Dan O'Callaghan
CISO, Sinclair Community College
937.512.2452

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of King, Ronald A.
Sent: Monday, February 04, 2013 11:46 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IPS Solution

We are about to begin investigating IPS solutions for our environment. So far, we are considering Sourcefire and HP/TippingPoint (yes, we are aware of the problems since the acquisition).

I would like to ask the group for their suggestions for a solution that could be used for a small to medium sized EDU with 10 gig backbone and 1 gig to the internet. If anyone would like to include their reasoning for their choice, that would be helpful to us.

I would also like to state that any responses from corporate or reseller companies will automatically eliminate them from consideration.

Thank you in advance.

Ronald King
Security Engineer
Norfolk State University
Marie V. McDemmond Center for Applied Research
Suite 401
555 Park Ave.
Norfolk, Virginia 23504
Phone: 757-823-3918
Fax: 757-823-2128
Email: raking () nsu edu
http://security.nsu.edu
--
Ben Parker
Senior Network Engineer
University of Mount Union
Phone: 330-829-2866
Twitter: @BenParker82