06-02-2011 02:35 PM - edited 03-10-2019 05:22 AM
We're about to acquire IDSM-2 and wondering what seasoned IDSM-2 admins have to share about it.
So far, I've had comments ranging from complaints to quite satisfied admin experiences:
- It's hard to do signature tuning
- Even when signature tuning has been accomplished (to a certain level), the quantity of false alarms is outrageous
- Dependency on Cisco MARS to obtain meaningful reports
Some questions:
What is your general opinion about IDSM-2?
Is Cisco IPS Manager Express enough for your reporting needs on a daily basis?
Thanks
DJY
06-02-2011 06:20 PM
The IDSM-2 isn't really that different from any of the other Cisco IDS/IPS platforms. They all run the same system software and management clients, and generally have a standard set of features. As for the comments you've gotten (difficult to tune, false alarms, poor built-in reporting) - those issues are not specific to the IDSM-2. If someone has those kinds of complaints, they would have them with any of the Cisco IDS/IPS products.
Are you definitely getting the IDSM-2? Or is your company still in the decision-making process?
BTW - in my opinion, the design/deployment phase is critical in getting the most out of your IDSM-2 - even more so than with a dedicated appliance or ASA module. You have to be thorough when choosing how to configure it (inline/passive, placement, etc.), and ensuring you're going to see the right traffic. Be sure to take the time to do it right.
06-03-2011 08:29 AM
I agree with Michael. The only thing I'd add is: keep your traffic at or below 250Mb/s per IDSM. When you run more than 250-350 Mb/s thru it you'll see dropped packets on the interface.
- Bob