This past year we
purchased and installed a Cisco 6509 blade switch and two other 4000 series
blade switches. This next year I'm considering purchasing the IDS module.
If you're
currently using this product could you please give me your opinion on this
product. Your answers will no doubt trigger some addtional questions from me.
The solution:
The IDS module is
pretty good, but what exactly will you be using IDS for ?
It's a forensics
tool, and should be considered nothing else.
Although it supports TCP resets and session termination, there are
sooooo many false positives generated by such things you would never ever want
to turn these on, so in effect, most IDS purchasers are left with an advanced
sniffing box.
Even Gartner
recommend that companies should no longer make large investments in IDS.
The way forward
is inline IPS - false positives are vastly reduced and you can actually take
action and start blocking anomalous traffic without killing valid sessions.
..and yes, I've
used the blade and all other 42xx Cisco IDS's.
Don't underestimate the time you need to set these things up, plus the
24/7 monitoring you would inevitably need to stay on top of things.
Customers interested in purchasing Cisco modules or the price, please refer to below links:
