RE: Cisco CSA
From: Gary Freeman (Gary.Freeman_at_rci.rogers.com)
Date: 05/28/04
- Previous message: Murad Talukdar: "Re: Removing Local Admin Rights..."
- Maybe in reply to: Cherian Palayoor: "Cisco CSA"
- Next in thread: Dante Mercurio: "RE: Cisco CSA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 28 May 2004 08:29:18 -0400 To: <bryan_khoo@dynacraft.com>, "Cherian Palayoor" <securinet2004@yahoo.ca>
I agree with Bryan,
Better to use an inline distributed solution to a major problem like
worm propagation than try to police every workstation. We have a
standard desktop with McAfee and Microsoft updated via a scheduler. CSA
is fine for systems running Cisco's agent but what about vendor laptops
or rogue systems that don't adhere to the corporate policy. They (in
our experience) are the usual suspects when faced with systems that
don't conform to our policy.
We use IDS (haven't chosen an IPS vendor) and NetScout to watch the
network core and all of the remote edge networks for worms. We are also
analyzing netflow statistics with Arbour now to detect infected
workstations.
Cisco pitched us on CSA last year when we had Nachi and they had just
acquired the product. The product falls short of meeting all
requirements and in the final analysis, added more over-head to desktop
management.
// Gary Freeman //
-----Original Message-----
From: bryan_khoo@dynacraft.com [mailto:bryan_khoo@dynacraft.com]
Sent: Wednesday, May 26, 2004 8:18 PM
To: Cherian Palayoor
Cc: security-basics@securityfocus.com
Subject: Re: Cisco CSA
Hi Cherian,
You can look into product like IPS. I think it should be
better than CSA.
Rdgs,
Bryan
*** TOWARDS CUSTOMER CENTERED CULTURE ***
** Dynacraft is a QS9000 and ISO14001 certified company **
|---------+---------------------------->
| | Cherian Palayoor |
| | <securinet2004@ya|
| | hoo.ca> |
| | |
| | 05/26/2004 07:35 |
| | AM |
| | |
|---------+---------------------------->
>-----------------------------------------------------------------------
----------------------------------------------------------------------|
|
|
| To: security-basics@securityfocus.com
|
| cc:
|
| Subject: Cisco CSA
|
>-----------------------------------------------------------------------
----------------------------------------------------------------------|
Hi,
Can anyone give me some feedback on the Cisco Security
Agent. This product claims to stop malicious behaviour
on machines infected by any malware.
We were recently hit pretty hard by Sasser. Cisco has
since been trying to sell us this product as a
heuristic solution to malicious activity on the
network. The product does not depend on any signature
updates and is entirely behavioural.
Cisco puports to have successfully stopped Sasser from
doing any damage.
Can anyone confirm this to be a fact. The product does
not come cheap.
Thanks in advance.
Regards
Cherian
______________________________________________________________________
Post your free ad now! http://personals.yahoo.ca
------------------------------------------------------------------------
--- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- "Visit Our Website at :- www.dynacraft.com" ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
- Previous message: Murad Talukdar: "Re: Removing Local Admin Rights..."
- Maybe in reply to: Cherian Palayoor: "Cisco CSA"
- Next in thread: Dante Mercurio: "RE: Cisco CSA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
