IDS mailing list archives
RE: CISCOs new IPS
From: Barnes Brandon A1C AFWA/SCHS <brandon.barnes () afwa af mil>
Date: Fri, 17 Dec 2004 08:55:57 -0600
Christoph, I can tell you from real world experience that Cisco has not been the best choice for IDS/IPS. Their IDS (specifically, the network appliances) seem to have been a knee-jerk reaction to market demand. Like most of Cisco's products lately, there's little innovation on their side and a lot of money being thrown at smaller companies that may not have a wholly developed product. Their support has been very lack-luster. We actually allowed one TAC case to go on for months with no response. Finally, we voiced our frustration to our area Cisco reps, that finally (sort of) got things done. It got us a response from our TAC Engineer, but the issue fixed itself (magic, I know.) This is how most issues have been with the IDS. The TAC engineer can't figure it out so we either have to rebuild our Cisco Works server, reload our appliances, or just wait for it to fix itself. In that same meeting with the Cisco reps, they assured us that our devices were no where near end of life. An announcement from Cisco about a month ago has proclaimed the death of the IDS line (specifically the products we have) and their movement towards IPS. A specific problem we've had is with the IDS module for Cisco Works. This software seems to be delicately stuck together with toothpicks and bubble-gum. Cisco just recently came out with (but failed to inform us) a 2.0 version of the software. On paper it looks great. Fixes all the problems we've had and adds features that address our annoyances. I'm glad we didn't load it on our production server. Setting it up in the lab we got everything setup, only to find we can't even bring the event viewer up. Apparently 2.1 and 2.3 are coming soon. Because of all this we've recently been in the market for a replacement. We've been doing a lot of research as well as our own testing. Everything we've read about the Cisco IPS screams "stay away." It's often the lowest rated system out of those tested. I hoped this helped allow you a good perspective. I hope that you find information on both sides as we are just one source. -Brandon -----Original Message----- From: Christoph Pertl (tm011081) [mailto:tm011081 () fh-stpoelten ac at] Sent: Wednesday, December 15, 2004 00 32 To: focus-ids () securityfocus com Subject: CISCOs new IPS Hi, I'm right now in the middle of a Project with the goal to implement an IPS in an existing infrastructure. One of our possible Partners offers us the new IPS Product from Cisco. Does anyone of you now something about this machine or at least about the older IDS-Box because I think the Inspection Engine will be the same? Any Information about how well it performs in a real environment would be great Christoph -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- RE: CISCOs new IPS Barnes Brandon A1C AFWA/SCHS (Dec 17)
- <Possible follow-ups>
- RE: CISCOs new IPS Tony Torri (Dec 20)