Educause Security Discussion mailing list archives

Re: Cisco Security Agent and other HIPS

From: David Grisham <Dgrisham () SALUD UNM EDU>
Date: Fri, 19 Jan 2007 14:21:32 -0700

We decided to purchase.  We were running version 4.5 & 5.0 for quite a while.  We are now moving up-to version 5.1.  
Does a very good job on our workstations and we like the server protection.  The real consideration that we found after 
the fact was that you need to have a stable environment for servers and/or workstations.  Otherwise, you spend a lot of 
time modifying the rules.  
The ROI was the savings of FTE with our technician staff who got to stop going out and rebuilding compromised/infected 
workstations.  Also analyst time rebuilding compromised servers dropped significantly.
Cheers.-grish
David Grisham, Manager, IT Security, UNM hospitals

Dave Koontz <dkoontz () MBC EDU> 1/19/2007 1:44:15 PM >>>

We chose ISS because they had an integrated IPS appliance as well as their
HIPS software which are all centrally deployed and managed.  It was the
deciding factor for us between IPS vendors like SourceFire and Tipping
Point.

----
Dave Koontz
Mary Baldwin College
Staunton, VA 24401


-----Original Message-----
From: Jason Richardson [mailto:JasonR () GWM SC EDU] 
Sent: Friday, January 19, 2007 3:30 PM
To: SECURITY () LISTSERV EDUCAUSE EDU 
Subject: Re: [SECURITY] Cisco Security Agent and other HIPS

Hi Gary, we're evaluating HIPS products for the same purpose but CSA didn't
make our list.  These three did:

Internet Security System's Proventia Server -
http://www.iss.net/products/index.html 
McAfee -
http://www.mcafee.com/us/enterprise/products/host_intrusion_prevention/index 
.html
and
Third Brigade - http://www.thirdbrigade.com.

Of the three, we're looking the hardest at Third Brigade so far.  I'll be
interested to here of your experience with CSA if you decide to demo or
purchase it.

Jason Richardson
Information Security Manager
University of South Carolina
University Technology Services
jasrich () sc edu 
803-777-0392

flynngn () JMU EDU 01/11 3:30 PM >>>

Anyone be willing to comment on experiences with Cisco Security
Agent or other Host Intrusion Prevention software?

I'd like to put it on things like domain controllers, authentication 
servers, management servers, and high value, internet facing servers.

Of course, reliability is a significant concern with those
applications.


-- 
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

Current thread:

Cisco Security Agent and other HIPS Gary Flynn (Jan 11)
- <Possible follow-ups>
- Re: Cisco Security Agent and other HIPS Jason Richardson (Jan 19)
- Re: Cisco Security Agent and other HIPS Dave Koontz (Jan 19)
- Re: Cisco Security Agent and other HIPS David Grisham (Jan 19)
- Re: Cisco Security Agent and other HIPS John Turner (Jan 20)
- Re: Cisco Security Agent and other HIPS Dan Roberts (Jan 23)