How many are using CSA

[gsellis]

See Poll.

 

[Zugzwang152]

Not running it here, but I'm always interested in reviews/comments though.

 

[gsellis]

We are getting ready to upgrade to 5.2 (W2K3 server support, fixes for a couple of things we see like lost process id's in some tasks).

Me, I think it is probably up there with sliced bread on the creation category. It has found and stopped a couple of things that were missed by AV (older copies, sig not created yet). We use it with a rule set that allows for it to block traffic (like a firewall) when it is outside of the environment (cannot see the MC). That was a similar configuration to what kicked butt at one of the Blackhat challenge's one year. While sometimes tedious, the rootkit detection stuff works (5.2 has a fix for the false positive that we get about 15 per day of.)

It does take some corporate discipline though. VBScripts embedded in mail for folks to run, errr... NO (just because it is easy, doesn't make it right or sound practice.) Just because you can listen on a port does not mean that is the only way to get work done....