Network Computing is part of the Informa Tech Division of Informa PLC


Cisco's NIDS Solution Grows Up: Page 2 of 3

It appears Cisco has been listening to its end users when it comes to aggregating event data. VMS can both manage and receive logs from a variety of Cisco devices, including IDS sensors, PIX firewalls and VPN products. Although VMS does not have any of the correlation capabilities found in products from companies such as ArcSight, GuardedNet and netForensics Corp., simple aggregation functionality is a step in the right direction.

Nothing's Perfect

Cisco says the 4250 sensor can inspect up to 550 Mbps of traffic and that it plans to ship a "line-speed" sensor later this quarter. Our 4250 and VMS console performed flawlessly for weeks. However, when it came time to update our sensors, we ran into a few problems. Although VMS is more advanced on the updating front than its predecessors, it cannot automatically identify and download new signature sets. Administrators must upgrade both the sensors and the management console manually. We also ran into some snafus when we decided to readdress our sensor and console deployment: a complete reinstall of the VMS solution was required. Cisco needs to fix both the updating and readdressing problems in future versions.

Vendor Info
Cisco Intrusion Detection System (IDS) 4250, starts at $25,000. CiscoWorks VPN/Security Management Solution, starts at $7,995. Cisco Systems, (408) 526-7208, (800) 553-6387. www.cisco.com

Overall we're pleased with the direction Cisco is taking with VMS, but we still see room for improvement. The user interface needs a lot of work: The Web-based forms aren't nearly as usable as the Win32 menus found in VMS's predecessor (CSPM); there are multiple paths to the same destination; and it is easy to get lost when trying to understand what changes are "pending" and what changes have been "deployed."