Cisco Sourcefire

Started by AnthonyC, February 03, 2015, 07:26:46 AM


AnthonyC

Has anyone deployed Sourcefire, in particular the Cisco FirePOWER on the ASA-X platform? If so, how was it? Also, how is Sourcefire compared to plain old SNORT or other IDS?
"It can also be argued that DNA is nothing more than a program designed to preserve itself. Life has become more complex in the overwhelming sea of information. And life, when organized into species, relies upon genes to be its memory system."

deanwebb

We are looking at that product right now. I'll let you know when we have our test results completed.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

jinxer

Would be nice to see a review... We have been thinking of going that way... But unsure if it might be too early.



deanwebb

Well, we pointed a Spirent at it, full blast, and it started puking packets. Looks like we'll need to do some tuning for further testing...

For the record, the Palo Alto also puked in roughly the same fashion at the same time into the test. The Fortinet guy couldn't get his gear set up properly and the Stonesoft died at much lower transmit rates than what blew up the Sourcefire and the Palo. Those are the four we're testing.

AnthonyC

Quote from: deanwebb on February 05, 2015, 07:41:56 PM
Well, we pointed a Spirent at it, full blast, and it started puking packets. Looks like we'll need to do some tuning for further testing...

For the record, the Palo Alto also puked in roughly the same fashion at the same time into the test. The Fortinet guy couldn't get his gear set up properly and the Stonesoft died at much lower transmit rates than what blew up the Sourcefire and the Palo. Those are the four we're testing.

A common design within the DC would be to place something like an F5 that acts as a stateless FW that can handle the traffic, then behind it put either internal FW and/or IDS/IPS. You also get TLS offload that way, which is a requirement for the IDS anyway.

deanwebb

True, but we want to see what these guys could take all on their own, since they're advertised as a one-box solution.