Educause Security Discussion mailing list archives
Re: Information Security tools
From: "Coffman, Tobiah" <tcoffman () BSU EDU>
Date: Thu, 24 Apr 2014 18:42:48 +0000
Jeff,

We have a Sourcefire IPS product currently deployed. It's been in production for about 18 months. During that time we've had two issues. First, not long after deploying we had legitimate sites get added to the blacklist. We turned off that feature after that. After that, we had an issue where some authentication traffic was getting misidentified. Other than that, it's been great.

We've worked with IDS in the past, and it never worked out. We got a lot of data, but it wasn't valuable. In addition to attack traffic, this device coupled with our traffic shaping device has effectively completely eliminated our copyright notices. We've had 2 in 18 months.

We purchased an SIEM solution this past fall. We ended up going with EventTracker for a good mix of features and cost. I would check it out and also, if you're an Internet 2 member, check out Splunk which has good discounts.

Finally, we're a Symantec customer for their DLP product. It's a good product and we've gotten a fair amount out of it, but it's really expensive. I would pursue something like that if you feel like you've cleaned up the more important stuff.

If you have any follow-up questions, feel free to contact me off-list.

-Tobey Coffman, CISSP
Director of Information Security
Ball State University

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of John McMillan
Sent: Thursday, April 24, 2014 10:56 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Information Security tools

We have two different IPS products deployed, and we've used three products in total over the years. There have been very few issues related to the rules deployed, none of them very serious. The only major negative impact was related to a bug that made one of the sensors stop processing traffic but not fail open as designed. One of our IPS products is also DLP capable, which is on my project list for testing and deployment.

As for SIEM, we really want to find something that we like, but so far everything we've looked at that was promising was also very expensive. I'm curious to hear what others may have to say on that topic.

On Thu, Apr 24, 2014 at 9:05 AM, Jeff Borton <jborton () schoolcraft edu<mailto:jborton () schoolcraft edu>> wrote:

Wondering what this group's thoughts are on using IPS vs IDS systems, and if you have been negatively impacted by one over the other. Also if anyone has used data loss prevention or SIEM tools that they have liked?

Jeff Borton
Executive Director of Information Security