Test lab recommendations for in-line IPS environment

Unanswered Question
Sep 5th, 2007

In an enterprise using an in-line IPS deployment with CSM/MARS for mgt/mon of IPS devices, what is the recommendation for a lab to test IPS changes (signatures,filters,code,etc) in production? Looking for an enterprise perspective.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
vkapoor5 Tue, 09/11/2007 - 10:15

Host-based intrusion detection and prevention devices provide MARS with detailed information about attacks seen at the host level, rather than the network level. They also provide information about the host operating system and successful prevention of attacks, both of which provide more targeted data for false positive analysis.

http://www.cisco.com/en/US/products/ps6241/products_user_guide_chapter09186a00804f7119.html

Actions

This Discussion