
CSPM replaced by IDM?

s.carruthers
Level 1

I have been told that the upcoming CCIE Security lab, once they add the IDS sensor to it, will only focus on IDS Device Manager and there will be nothing on the Policy Manager. Can anyone confirm this? And being new to IDS, is this also the case in the field? Has IPM replaced CSPM to a large extent in real-world implementations?

2 Replies

yusuff
Cisco Employee

I can confirm this in context to CCIE.

IDM is going to be used and not CSPM in the lab.

R/Yusuf

And in answer to real world.

Version 4.x of the sensors cannot be managed by CSPM or the older Unix Director.

The only options available for managing the 4.x sensors are:

1) IDM (Intrusion Detection Device Manager), which runs from within a web server directly on each sensor and is designed for configuring that one sensor.

(used by many customers with small deployments)

2) IDS MC (Intrusion Detection System Management Center), which is part of VMS (VPN and Security Management Solution). It is also web based and designed for configuring multiple sensors.

(used by most customers with multiple sensor deployments)

The options available for monitoring:

1) IEV (Intrusion Detection Event Viewer) which is a Windows based application for viewing alarms from up to 5 sensors.

(used by many of the same users as IDM)

2) SecMon (Security Monitor) which is part of VMS. It is web based and designed for viewing alarms from larger sensor deployments.

(used by the same users as IDS MC)

3) CTR (Cisco Threat Response), which is a web-based application on a Windows machine. It is designed to receive alarms from up to 5 sensors and then do end target verification to determine if the attack was successful. This is currently a trial version. (several users are currently evaluating and using this technology)

4) SIMS (Cisco Security Information Management Solution) which is also web based and designed for monitoring of larger deployments. It is an OEM of the product from NetForensics.

5) Other vendors. There are several other vendors of security monitoring software that are able to receive our IDS alarms and display them in their viewer.

CSPM and Unix Director are not able to communicate using the new protocol over HTTP(S) used for configuring and monitoring the version 4.x sensors. Customers using these tools are encouraged to upgrade to VMS with IDS MC and SecMon.