Cisco ASA IPS Monitoring

SecurityTheatre

Senior member
Aug 14, 2011
I may be inheriting a number of Cisco ASA firewalls to manage. I know ASA well enough, but one of their major concerns is the IPS functionality and doing security monitoring. In the past I've just dumped the stuff to Syslog and into a SIEM device.

Currently, I have some staff who are monitoring a bunch of Palo Alto firewalls using Panorama, which is a great tool to do reporting, drill down on sessions, threats, etc.

What exists for Cisco devices to monitor the IPS? How do I know when there are critical threats found by IPS? Can I drill down into sessions in a similar way to Palo Alto?

I don't know what they have installed. Is there a built-in console that lets you look at IPS log data? Is there one for session/traffic data? Is there a central manager that lets you do this for all devices at several remote sites, or do I need to spend $50k getting a SIEM device in place?

Any thoughts?

Thanks!
 

seepy83

Platinum Member
Nov 12, 2003
Kind of surprised you got no responses. I haven't used Cisco's IPS products, but I would think they're paired up with some good software/dashboards/consoles (whatever you want to call them) seeing as Sourcefire is part of Cisco now. (I also haven't used Sourcefire's products, but have heard good things.)