Lancope IPS

[nitrobass24]

Anyone know anything about these?

Just acquired a company that has this in place and we in the process of redesigning the network to fold them into our environment.

Would like to know if they are worth a damn or if we should replace them with ASA5550s w/ IPS module like we already have for our main locations.

Thoughts Please

 

[Valnar]

I always wanted the Lancope Stealthwatch product for my company but we couldn't afford it. If you acquired it for free, by all means keep it.

Of course, that doesn't mean its necessarily setup correctly, but its Netflow support and how it uses that to mimic a distributed IPS by using your own Cisco hardware is quite ingenious. Watch some of the demos on their site.

BTW, it's a good monitor/IPS/anomaly tool. AFAIK, its not a firewall. You'll still need something like a Cisco ASA if they don't have a totally different firewall as well.

 

[just2cool]

Yeah ... Stealthwatch is an AMAZING product, especially with how fast the thing can rip through netflow -- and we were throwing a lot of shit at it. Generally I despise network management products, but this has a very intuitive interface ... you almost can't hate it.

I did a 3 month demo at my old company ... but it was really damn expensive to roll out globally. We never did, but it was the most loved product next to splunk. Valnar is right -- it is not a firewall, it only monitors netflow for abnormal traffic patterns and alarms you of such and can trace it down very quickly. It also monitors normal traffic so you can keep track of what's going on in your network. At least that's what it was like 2 years ago.

Only other Lancope product I used was the syslog repeater. The interface kind of sucked but it did its job.

 

[nitrobass24]

OK cool thanks for the info everyone.