RE: Cisco CSA

• Previous message: Yoo, Gene: "RE: Computer Forensics Consulting"
• Maybe in reply to: Cherian Palayoor: "Cisco CSA"
• Next in thread: Ayers, Diane: "RE: Cisco CSA"
• Reply: Ayers, Diane: "RE: Cisco CSA"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 27 May 2004 13:49:08 -0400
To: "Damon Brinkley" <dbrinkley01@rowan.org>, "Cherian Palayoor" <securinet2004@yahoo.ca>, <security-basics@securityfocus.com>

I use CSA in my environment. It has its good points and bad points. It
will definitely stop viruses and the like from infecting your computers,
but it will also stop legitimate traffic as well. I definitely do not
worry about my critical servers on which the CSA is running. There is a
learning phase where you spend a lot of time monitoring logs and
tweaking the rules database. If you do choose CSA and deploy, it can
easily become a full-time job depending on the size of your deployment.

Dave Gonsalves
Information Security Officer
Eagle Investment Systems
www.eagleinvsys.com

The information contained in this e-mail may be confidential and is
intended solely for the use of the named addressee.
Access, copying or re-use of the e-mail or any information contained
therein by any other person is not authorized.
If you are not the intended recipient please notify us immediately by
returning the e-mail to the originator.

-----Original Message-----
From: Damon Brinkley [mailto:dbrinkley01@rowan.org]
Sent: Thursday, May 27, 2004 8:55 AM
To: Cherian Palayoor; security-basics@securityfocus.com
Subject: RE: Cisco CSA

Here's an article that ran recently in Network Computing that can
probably help you.

http://www.nwc.com/showitem.jhtml?docid=1508f2

Damon Brinkley
Systems Administrator
Rowan Regional Medical Center

-----Original Message-----
From: Cherian Palayoor [mailto:securinet2004@yahoo.ca]
Sent: Tuesday, May 25, 2004 7:35 PM
To: security-basics@securityfocus.com
Subject: Cisco CSA

Hi,
 
Can anyone give me some feedback on the Cisco Security Agent. This
product claims to stop malicious behaviour on machines infected by any
malware.
 
We were recently hit pretty hard by Sasser. Cisco has since been trying
to sell us this product as a heuristic solution to malicious activity on
the network. The product does not depend on any signature updates and is
entirely behavioural.
 
Cisco puports to have successfully stopped Sasser from doing any damage.
 
Can anyone confirm this to be a fact. The product does not come cheap.
 
Thanks in advance.
 
Regards
 
Cherian

______________________________________________________________________
Post your free ad now! http://personals.yahoo.ca

------------------------------------------------------------------------

---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off any course! All of our class sizes are guaranteed to be 10 students
or less to facilitate one-on-one interaction with one of our expert
instructors. 
Attend a course taught by an expert instructor with years of
in-the-field pen testing experience in our state of the art hacking lab.
Master the skills of an Ethical Hacker to better assess the security of
your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----
------------------------------------------------------------------------
---
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
off any course! All of our class sizes are guaranteed to be 10 students
or less to facilitate one-on-one interaction with one of our expert
instructors. 
Attend a course taught by an expert instructor with years of
in-the-field pen testing experience in our state of the art hacking lab.
Master the skills of an Ethical Hacker to better assess the security of
your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

• Previous message: Yoo, Gene: "RE: Computer Forensics Consulting"
• Maybe in reply to: Cherian Palayoor: "Cisco CSA"
• Next in thread: Ayers, Diane: "RE: Cisco CSA"
• Reply: Ayers, Diane: "RE: Cisco CSA"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]