

In my humble opinion, the only variable that should influence your decision is liability. But I guess it is more complicated than that. This as we no longer have an IT department monitoring at all times. With the only interaction needed being to keep the software up to date. As it mostly is running today, SNORT with automatically updating rulesets. Just trying to make sure that we take the correct decisions for our business and not just blindly following consultant advice, potentially ending up with overly complicated, expensive solutions that require me to submit tickets every single time I want to, for example, assign a fixed DHCP address to a MAC address.

As for the IPS side of things, ideally I was hoping for something that could be set and forget. For a separate IPS, would that be a hardware device inline before or after the firewall? Forgive me, this is probably a stupid question; as mentioned, I am not a network guy.

So in essence Cisco IPS is SNORT running in inline mode with Cisco rulesets? I am under the impression that pfSense 2.5 enables the possibility of running inline mode SNORT as well? Would a good SNORT subscription ruleset running inline on pfSense be similar in performance to Cisco IPS? Please forgive me if it seems like I do not know what I am talking about, my degree is not in IT :) I have only just recently had to take some responsibility on the sysadmin side of things since the consultant company we have hired does not yet know our system fully and has a painfully slow response time on tickets. Is the threat prevention package that Cisco (or other NGFW solutions) offers good enough to actually make an impact on threat level compared to a pfSense firewall with SNORT rulesets? So intrusion prevention is a big selling point for us. We have SNORT running on our pfSense setup with subscriber rulesets and openappid.

Due to the nature of our business we have a rather large data library (think petabytes) and are a potential target for industrial espionage and ransomware attacks. Is Cisco vastly superior on malware, intrusion and ransomware prevention compared to pfSense?

I do however not have enough competence on this to judge how the threat detection and prevention systems compare between pfSense and a Cisco solution. I am kind of hesitant since I think that our pfSense firewalls are working fine and are user friendly enough for me to do some of the basic stuff without us always needing consultant help. They are also not as comfortable maintaining pfSense systems and would like us to switch to "an enterprise solution" such as Cisco that they are more used to working with. Due to a rather large downscaling we have recently had to hire an outside company to handle our IT infrastructure, and the consultant company is pitching to our management that pfSense firewalls are not capable of handling modern security threats and are our current biggest security risk.
