
Sourcefire 3D IPS/IDS/NAC/NBA suite

Discussion in 'Computer Security' started by zebulebu, Jun 6, 2007.

zebulebu (Terabyte Poster)

    Is anyone here running any of Sourcefire's stuff on their network? (other than a home-rolled Snort box)

    I went to one of their briefings at Old Trafford today (walked right past Fergie's office on the ground tour and went in the changing rooms too - but didn't have the cojones to take a piss in the corner :twisted:)

    I was mightily impressed - I've been doing a bit of research on them for the past few months because I have installation of an enterprise-class IDS system on my roadmap at work for Q4 this year or Q1 next, so I sort of knew what to expect, but it was still really good to see it demonstrated in real time, with Sourcefire's nerds there rather than a load of salesmen.

    However, a lot of NAC stuff is snake oil - you can spend months setting it up, and monitoring it can easily be a full-time job in and of itself, so if anybody runs any of their stuff at work I'd really like to know how it performs in the real world. We've got our own NAC in place at the moment, but it's hideously complex (Mirage), so it's only in Learning mode still - I haven't had the nerve to switch it over to mitigation mode yet because I don't much fancy someone ringing me up at 3 AM to tell me a server's not working because it's been placed in a 'deny comms' blacklist :rolleyes:

    I'm specifically interested in the NBA (Network Behaviour Analysis) features - when they were demonstrated I could instantly see numerous benefits to them, as they allow you to baseline your network for a while - which allows you to see any incongruities and mitigate against them ahead of time before everything settles down, giving you a 'static picture' of what your network should look like. This looks like it would really aid me when I come to deploying it - and hopefully eliminate the 'nasty surprise' factor of dropping a NAC box into a network then crying as it tarpits all your servers!

    Any advice or feedback would be greatly appreciated.

    Certifications: A few
    WIP: None - f*** 'em
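The learning-then-mitigate workflow the post describes (baseline who talks to whom, flag what does not fit, and check what would be blocked before flipping the switch) can be sketched in a few dozen lines. The example below is added here and is not Sourcefire's, Mirage's or the poster's code; the flow-record format (timestamp, source, destination, port, protocol) and the severity thresholds are assumptions made for the illustration, and the flow records themselves are constructed. It shows three modes: learning extends the baseline, monitor only reports, and mitigate denies anything above a chosen severity. The dry-run summary is the check a practitioner wants before switching modes: it lists, per source host, what mitigation would have denied in the traffic you already trust.

```python
from collections import Counter, defaultdict

# Constructed sample flow records in a hypothetical "timestamp src dst dport proto"
# format (an assumption for this example, not any vendor's export format).
LEARNING_FLOWS = """\
2007-06-01T09:00:01 10.0.1.20 10.0.2.5 1433 tcp
2007-06-01T09:00:05 10.0.1.21 10.0.2.5 1433 tcp
2007-06-01T09:01:10 10.0.1.20 10.0.2.7 445 tcp
2007-06-01T09:02:00 10.0.2.5 10.0.2.9 53 udp
2007-06-01T10:00:00 10.0.1.22 10.0.2.7 445 tcp
2007-06-01T10:15:00 10.0.1.22 10.0.2.9 53 udp
2007-06-01T23:30:00 10.0.2.5 10.0.2.8 3306 tcp
"""

# Constructed traffic seen after the baseline was frozen. It contains one known flow,
# a new client to a known service, a server reaching an outside host on an odd port,
# and a new service (SSH) appearing on a host that previously only served SMB.
LIVE_FLOWS = """\
2007-06-02T03:00:00 10.0.1.20 10.0.2.5 1433 tcp
2007-06-02T03:00:02 10.0.1.23 10.0.2.5 1433 tcp
2007-06-02T03:00:03 10.0.2.5 198.51.100.7 6667 tcp
2007-06-02T03:00:04 10.0.2.5 10.0.2.8 3306 tcp
2007-06-02T03:01:00 10.0.1.21 10.0.2.7 22 tcp
"""


def parse_flows(text):
    """Parse the whitespace-separated records above into dicts; blank/comment lines are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        flows.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport), "proto": proto})
    return flows


def learn(baseline, flow):
    """Record one flow: which (dst, port, proto) each source talks to, and which ports each host offers."""
    baseline["talks_to"][flow["src"]].add((flow["dst"], flow["dport"], flow["proto"]))
    baseline["offers"][flow["dst"]].add((flow["dport"], flow["proto"]))


def build_baseline(flows):
    """Learning mode over a whole window: the 'static picture' of expected traffic."""
    baseline = {"talks_to": defaultdict(set), "offers": defaultdict(set)}
    for f in flows:
        learn(baseline, f)
    return baseline


def classify(flow, baseline):
    """Return (verdict, severity); severity 0 means the flow matches the baseline exactly."""
    service = (flow["dst"], flow["dport"], flow["proto"])
    if service in baseline["talks_to"].get(flow["src"], set()):
        return "known", 0
    if (flow["dport"], flow["proto"]) in baseline["offers"].get(flow["dst"], set()):
        return "new-client", 1        # service already exists; only the client is new
    if flow["dst"] in baseline["offers"] or flow["dst"] in baseline["talks_to"]:
        return "new-service", 2       # known host, but a port/protocol never seen on it
    return "new-peer", 3              # a destination the baseline has never seen at all


def evaluate(flows, baseline, mode, deny_at=2):
    """mode is 'learning' (extend baseline), 'monitor' (report only) or 'mitigate' (deny >= deny_at).
    Each decision is (ts, src, dst, dport, verdict, severity, action)."""
    decisions = []
    for f in flows:
        verdict, severity = classify(f, baseline)
        if mode == "learning":
            learn(baseline, f)
            action = "learned"
        elif mode == "mitigate" and severity >= deny_at:
            action = "deny"
        else:
            action = "allow"
        decisions.append((f["ts"], f["src"], f["dst"], f["dport"], verdict, severity, action))
    return decisions


def dry_run_summary(flows, baseline, deny_at=2):
    """What mitigation mode *would* deny, per source host, without denying anything."""
    would_deny = Counter()
    for d in evaluate(flows, baseline, "mitigate", deny_at):
        if d[-1] == "deny":
            would_deny[d[1]] += 1
    return dict(would_deny)


if __name__ == "__main__":
    base = build_baseline(parse_flows(LEARNING_FLOWS))
    live = parse_flows(LIVE_FLOWS)
    for d in evaluate(live, base, "monitor"):
        print(d)
    print("would deny in mitigate mode:", dry_run_summary(live, base))
```

Run the dry run against a day or two of monitor-mode traffic; anything that shows up there is either a baseline gap to learn (a server legitimately reaching a new peer) or a real incongruity to chase before the box is allowed to deny anything. Raising `deny_at` to 3 limits mitigation to never-seen peers, which is a safer first step than denying every new service on a known host.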
