Botnet traffic filter vs IPS

Answered Question

Hello,



Please advise on the advantages of using, and whether it would be beneficial to use, the Botnet Traffic Filter feature of the ASA in comparison to Cisco IPS.



Regards,

Correct Answer by Michael Dombek about 6 years 11 months ago



I would prefer the IPS solution since you can handle a larger array of threats.

The last thing I know about the botnet filter for the ASAs is that this solution just denies traffic to known botnets, so it does not stop your PCs from getting infected; it just prevents them from "talking" to botnets.

With an IPS you could prevent infections, depending on the way they arrive in your network, and additionally secure against other threats. So my vote would be for the IPS or, if you can spare the money, both.

Cheers, Michael

Overall Rating: 5 (1 ratings)
Michael Dombek Mon, 07/05/2010 - 03:31