There is an alternative that we are looking into called Lightspeed - www.lightspeedsystems.com. Their Total Traffic Control appliance comes complete with a CSA-like agent. We are about to start testing it so I can't really tell you how it works but it is a lot cheaper.
Brian -----Original Message----- From: Kern, Tom [mailto:[EMAIL PROTECTED] Sent: Monday, December 13, 2004 3:06 PM To: ActiveDir (E-mail) Subject: [ActiveDir] OT: intrusion prevention my company is looking at getting cisco security agent for intrusion prevention. Personally, at $60,000, I think its a bit much. does anyone have any cheap intrusion prevention software they use out there? or can you lockdown your desktops enough via GPO's and good AV? we get alot of bots lately on our network. these bots infect fully patched boxes and start making outbound requests on ports 445 and 6667 flooding our network to a crawl and sometimes even DOSing our firewall. as i've said, they even infect patched pc's with fully updated AV defs(Symantec corporate 9.0). the attraction to cisco is that(according to cisco marketing..), an client agent is installed which will stop the action of any unauthorized app or service from running and alert an admin. still, i think there's got to be a cheaper way to stop this stuff. any ideas(or personal experience with cisco agent)? thanks List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/