Educause Security Discussion mailing list archives
Re: FW: Q1 Labs: Network Security for Colleges and Universities
From: Jason Richardson <A00JER2 () WPO CSO NIU EDU>
Date: Wed, 6 Oct 2004 08:43:43 -0500
We have not used Q1's product but we did evaluate and ultimately purchase Lancope's Stealthwatch appliance and we have been happy with it.

The only thing that I feel that these devices are lacking is the ability to positively identify known "bad" traffic by name instead of the other sort of arbitrary statistical anomaly names that it gives them. E.g., a Sasser like worm that our Lancope device just found on 5 hosts is identified as ICMP flood instead of just calling it by name. I realize that that is what Snort or the like is for, but it seems like it wouldn't be hard to integrate.

Lancope sells a console device that aggregates data from multiple Lancope devices, and a few other IDS sensors, including Ghost, but I have not explored that option yet.

Anyway, our experience with statistical anomaly based NIDS has been good.

---
Jason Richardson
Manager, IT Security and Client Development
Enterprise Systems Support
Northern Illinois University
Voice: 815-753-1678
Fax: 815-753-2555
jasrich () niu edu
sjs74 () CORNELL EDU 10/5/2004 11:46:55 AM >>>
We have just purchased this product at Cornell and are working through the steps to get it fully implemented. Feeling like IDS/IPS would not work in our environment we began looking at the Network Based Anomaly Detection space. We brought both Q1 Labs and Lancope in for testing into our environment and selected Q1 Labs based upon our selection criteria. To be honest, I have very high hopes for what this technology will bring to our analysis and incident response capabilities.

sjs