Educause Security Discussion mailing list archives

Re: IPS Solution

From: "Di Fabio, Andrea" <adifabio () NSU EDU>
Date: Tue, 5 Feb 2013 10:58:20 -0500

Jim,

 

You have a very good point, but I am a firm believer in not putting all my
eggs in one basket, and especially in trying to introduce new technology
into my environment. PA brought us UID, and Application Awareness, which
wasn't available in our ASA's. Additionally it brought features similar to
FireEye, when we were demoing a FireEye box :) Overall, we were able to
bring true new technology into our environment with budget that was
allocated to replace our ASA's. Now that we have budget to replace our older
TP IPS hardware, I am exploring solutions that can truly bring new IPS
technology into the mix, if such new technologies exist and can augment what
PA can do.

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Mayne, Jim
Sent: Tuesday, February 05, 2013 10:35 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] IPS Solution

 

Andrea,

  I am just curious. Since you are so happy with PA's IPS features, why are
you still looking for dedicated IPS's instead of more PA's. What are they
missing or what do you want to get from a dedicated IPS that you are not
getting from your PA devices? 

 

  We are also now looking for alternatives to TP and are leaning towards PA.

 

Thanks,

Jim

 

From: The EDUCAUSE Security Constituent Group Listserv [
<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Di Fabio, Andrea
Sent: Tuesday, February 05, 2013 9:19 AM
To:  <mailto:SECURITY () LISTSERV EDUCAUSE EDU> SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] IPS Solution

 

Here is my two cents, and I am hoping to stir up some good conversation with
respect to IPS solutions. We haven been using TippingPoint for many year.
After much testings, we recently deployed PaloAlto firewalls into
production. I must say that am EXTREMELY impressed with the FW performance,
ease of management, and suprisingly with its IPS feature and with WildFire.
I feel as if we were almost blind with respect to IPS, and now we have
gotten LASIK and we have gained much more visibility into what's going on on
our network. I have been a proponent of TippingPoint ealy in the days, and I
was very impressed with it, but I must say that TP is blind compared to PA.
I feel they are lacking a bit behind. I understand that TP is for heavy duty
IPS only, but what good is it, if it is almost blind?

 

As we revisit our IPS solution again, we are are looking to find dedicated
IPS hardware that comes close to the PA IPS features and visibility. Your
feedback is very much appreciated and your point of view very helpful. We
try to find solutions to augment our PA border firewalls with some dedicated
IPS with 'better that 20/40 vision' :)

 

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Michael Horne
Sent: Tuesday, February 05, 2013 8:39 AM
To: SECURITY () LISTSERV EDUCAUSE EDU <mailto:SECURITY () LISTSERV EDUCAUSE EDU> 
Subject: Re: [SECURITY] IPS Solution

 

We have been running a PaloAlto for over a year and are very happy with it!

 

From: The EDUCAUSE Security Constituent Group Listserv [
<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of King, Ronald A.
Sent: Monday, February 04, 2013 11:46 AM
To:  <mailto:SECURITY () LISTSERV EDUCAUSE EDU> SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IPS Solution

 

We are about to begin investigating IPS solutions for our environment.  So
far, we are considering Sourcefire and HP/TippingPoint (yes, we are aware of
the problems since the acquisition).  I would like to ask the group for
their suggestions for a solution that could be used for a small to medium
sized EDU with 10 gig backbone and 1 gig to the internet.  If anyone would
like to include their reasoning for their choice, that would be helpful to
us. 

 

I would also like to state that any responses from corporate or reseller
companies will automatically eliminate them from consideration.

 

Thank you in advance.

 

 

Ronald King

Security Engineer

Norfolk State University

Marie V. McDemmond Center for Applied Research

Suite 401

555 Park Ave.

Norfolk, Virginia  23504

Phone:  757-823-3918

Fax: 757-823-2128

Email:  <mailto:raking () nsu edu> raking () nsu edu

 <http://security.nsu.edu> http://security.nsu.edu

Attachment: smime.p7s
Description:

Current thread:

Re: IPS Solution, (continued)
- Re: IPS Solution Michael Horne (Feb 05)
  - Re: IPS Solution Waddell, Stan Adolphus (Feb 05)
  - Re: IPS Solution Di Fabio, Andrea (Feb 05)
    - Re: IPS Solution Bradley, Stephen (Feb 05)
    - Re: IPS Solution Roger A Safian (Feb 05)
    - Re: IPS Solution O'Callaghan, Daniel (Feb 05)
    - Message not available
    - Re: IPS Solution Benjamin Parker (Feb 05)
    - Re: IPS Solution Biddle, Rob (Feb 05)
    - Re: IPS Solution Hall, Rand (Feb 06)
    - Re: IPS Solution Mayne, Jim (Feb 05)
    - Re: IPS Solution Di Fabio, Andrea (Feb 05)
- Re: IPS Solution Miller,James R (Feb 05)