Re: Cisco CSA

From: professor buddha (pbuddha13_at_yahoo.com)
Date: 05/27/04

    Date: Thu, 27 May 2004 08:25:03 -0700 (PDT)
    To: securinet2004@yahoo.ca
    
    

    Cherian,

    Depending on your scenario, CSA would probably do what
    you want. Out of the box it comes programmed with
    rules to stop most malicious behaviour and, like you
    said, operates on these behaviours and not signatures
    so there is no subscription or maintenance required in
    that respect. So that doesn't necessarily mean it can
    stop machines from being infected 100% of the time but
    even when a machine becomes infected it will stop it
    from replicating (i.e. CSA says why are we trying to
    send these packets to p445 on all these computers, we
    shouldn't be doing this, either deny or prompt the
    user...)

    The caveat comes in fine-tuning the rules specific to
    your organization and the different tasks that
    different folks do and how they comply with the
    standard out-of-the-box rules... You will probably find
    that you will have to make a lot of exceptions to the
    rules for certain users so they can actually do their
    work.

    Overall I would say CSA does exactly what they say it
    should, but is relatively resource intensive and
    at least initially required a decent amount of support.
    A new version with several key improvements is slated
    to come out in September, I think. Another product to
    look into might be Sygate's Enterprise Enforcer...

    Hope that helps,
    Matt

    ______________________________________
    Hi,
      
    Can anyone give me some feedback on the Cisco Security
    Agent? This product claims to stop malicious behaviour
    on machines infected by any malware.
      
    We were recently hit pretty hard by Sasser. Cisco has
    since been trying to sell us this product as a
    heuristic solution to malicious activity on the
    network. The product does not depend on any signature
    updates and is entirely behavioural.
      
    Cisco purports to have successfully stopped Sasser from
    doing any damage.
      
    Can anyone confirm this to be a fact? The product does
    not come cheap.
      
    Thanks in advance.
      
    Regards
      
    Cherian
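
As an added illustration (not part of the original messages and not CSA's actual rule engine), the behaviour described in the reply, one host suddenly sending to port 445 on many different machines, can be written as a signature-free fan-out rule. The thresholds, the function name and the sample connection events are assumptions constructed for this example.

```python
from collections import defaultdict, deque

SMB_PORT = 445            # the "p445" traffic mentioned in the reply
WINDOW_SECONDS = 10       # assumed sliding window
MAX_DISTINCT_PEERS = 5    # assumed limit on distinct destinations per window

# Constructed sample events: (timestamp_s, src_ip, dst_ip, dst_port)
SAMPLE_EVENTS = (
    # Workstation using two file servers repeatedly: normal SMB use.
    [(t, "10.0.0.5", "10.0.0.200" if t % 10 else "10.0.0.201", 445)
     for t in range(0, 60, 5)]
    # Many distinct peers, but spread out over time: stays under the limit.
    + [(10 * i, "10.0.0.7", f"10.0.2.{i + 1}", 445) for i in range(8)]
    # Worm-like fan-out: 20 different hosts on 445 within ten seconds.
    + [(100 + 0.5 * i, "10.0.0.23", f"10.0.1.{i + 1}", 445) for i in range(20)]
    # Fast fan-out on another port: outside this particular rule.
    + [(200 + 0.1 * i, "10.0.0.9", f"10.0.3.{i + 1}", 80) for i in range(20)]
)


def find_smb_fanout(events, port=SMB_PORT, window=WINDOW_SECONDS,
                    limit=MAX_DISTINCT_PEERS):
    """Return {src_ip: timestamp} for each source whose distinct-destination
    count on `port` first exceeded `limit` inside the sliding window."""
    recent = defaultdict(deque)   # src_ip -> deque of (timestamp, dst_ip)
    fired = {}
    for ts, src, dst, dport in sorted(events):
        if dport != port or src in fired:
            continue
        queue = recent[src]
        queue.append((ts, dst))
        # Drop attempts that have aged out of the window.
        while queue and ts - queue[0][0] > window:
            queue.popleft()
        if len({peer for _, peer in queue}) > limit:
            fired[src] = ts       # point at which to deny or prompt the user
    return fired


if __name__ == "__main__":
    for src, ts in find_smb_fanout(SAMPLE_EVENTS).items():
        print(f"{src}: fan-out rule fired at t={ts}s")
```

The first two hosts also show why the tuning the reply mentions matters: lowering the limit or widening the window far enough would start flagging legitimate file-server clients.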

            
                    