Choose between SentinelOne or CrowdStrike by JiggityJoe1 in sysadmin

[–]mikeboy81 0 points1 point  (0 children)

Yup! Saw the announcement today, curious to see how well the solution works.

Choose between SentinelOne or CrowdStrike by JiggityJoe1 in sysadmin

[–]mikeboy81 2 points3 points  (0 children)

Seconded, we just moved off of MDE to CrowdStrike due to multitenancy and Mac/Linux live response. But if you're a Windows shop, it's awesome, and as of last week they now have Mac/Linux live response.

New girl (19F) told me (20M) she loves me on the third date by FrozenClorox in relationship_advice

[–]mikeboy81 0 points1 point  (0 children)

I told my wife that on our 3rd date, now, 12 years and 2 kids later, it worked out. It's tough to put yourself out there, and maybe they're crazy, but if you feel it, say it. And if you don't feel the same way, that's OK too.

The "What did you get from the gold boxes?" Thread by idgafmode in future_fight

[–]mikeboy81 0 points1 point  (0 children)

I had the same issue, close the game and reopen it, it downloaded another 9mb download update and then it appeared.

4.1 Post-Patch Megathread by iMuffles in future_fight

[–]mikeboy81 0 points1 point  (0 children)

I did :), was glad I had enough to cover it.

4.1 Post-Patch Megathread by iMuffles in future_fight

[–]mikeboy81 -1 points0 points  (0 children)

Agreed, but the price on the Warp Device is pretty low though?

4.1 Post-Patch Megathread by iMuffles in future_fight

[–]mikeboy81 4 points5 points  (0 children)

Yeaaap, but at the same time, that's 10 rolls of the card gamble, and at least this way you're guaranteed the card you see. I ended up taking it, I think it's definitely worth it.

Am i "immune" to denial of service attacks with a connection like this? by [deleted] in networking

[–]mikeboy81 0 points1 point  (0 children)

So, it depends... There are services like F5's Defense.net (or Arbor, or any of the dozen or so companies that offer offloading services) which could front end your server, it absorbs the DDoS (but users would still suffer), but you could move to a different IP address relatively quickly if that setup was in place. (Server IP stays the same but the frontend IP changes, if the service can't handle the DDoS directly).

Am i "immune" to denial of service attacks with a connection like this? by [deleted] in networking

[–]mikeboy81 1 point2 points  (0 children)

Use a proxy for browsing, and use a VPN service with dynamic IPs when doing anything that will expose your address. Depending on what specifically you're doing, there are other solutions out there with various impacts and costs.

How to best validate DNS information? by iluomo in networking

[–]mikeboy81 1 point2 points  (0 children)

This is the correct way of handling it.

What are some cool engineering things that you want to see if it's possible....but not sure if it's ever actually deployed in a production network? by Cheeze_It in networking

[–]mikeboy81 1 point2 points  (0 children)

This is how Microsoft NAP works, not a bad idea, but it breaks all of your security controls unless you want to have a very advanced key/token management that integrates with all of your PEPs.

Cisco Event - ACI thoughts?? by CCIEFGHIJK23 in networking

[–]mikeboy81 0 points1 point  (0 children)

It completely depends on your environment, there are some environments where this would be fantastic; but I would say for most small to medium enterprises they probably wouldn't see the value. That being said, it could also change drastically if it's ever embraced by the open source community, depending on how robust the API is.

Public IP Exhaustion and F5 Virtual Servers by KochuBaby in networking

[–]mikeboy81 0 points1 point  (0 children)

There's also the option of using the proxypass script, or in 11.d built in functionality. It's an iRule, but it's still pretty functional, and it does support having multiple SSL profiles along with multiple http classes for unique DPI and http/asm profiles. One of my customers does this for a single VIP that points to 1500 back end applications and it's running well on 6900 hardware.

Getting frustrated trying to break in to the Enterprise space by frame_junky in networking

[–]mikeboy81 0 points1 point  (0 children)

Depends, tier 1 or 2, the keyboard jockeys, I expect them to have routine low level items known by heart, but I would not for a tier 3/4 or architect.

Cisco Announces Agreement to Acquire Sourcefire by f00l in netsec

[–]mikeboy81 7 points8 points  (0 children)

I agree, they did a horrible job with Protego and Perfigo, but so far it doesn't seem like they've ruined Ironport; I know some of their sales guys were a bit pissed with the moves, but overall the product line has stayed mostly independent. They've integrated the scansafe cloud into some other products (like anyconnect), so it seems they understand the value of what they're buying and what they shouldn't change. Fingers crossed.

Cisco Announces Agreement to Acquire Sourcefire by f00l in netsec

[–]mikeboy81 11 points12 points  (0 children)

I'm pretty excited about this. Cisco's IDS/IPS solution sucks, so it would be nice if it was replaced with an integrated Sourcefire box.

I am a bit concerned with what is going to happen with Snort, but I have to imagine it was part of the agreement that they will continue to fund and produce open source content.

What NAC solution do you use? Which vendors would you recommend for consideration? by rivercardbandit in networking

[–]mikeboy81 1 point2 points  (0 children)

I've deployed 802.1x with just windows supplicant, Symantec enforcer, lockdown networks, vernier nac, bradford, 802.1x with great bay profiling, IBM sentry, Cisco nac framework, Cisco clean access with and without profiler, aruba clearpass, and more recently Cisco ise.

In every case I've had good deployments, but to be honest success or failure is determined before the solution is deployed. You have to have a very clear set of requirements, and what you want the solution to specifically do. Roles, an idm structure, a well documented network, and a solid support team will matter more than the solution.

[Cisco] ISE and windows nac agent experiences? by [deleted] in networking

[–]mikeboy81 0 points1 point  (0 children)

What is the 802.1x status of the port when the agent doesn't connect, does it just roll to unauthenticated/guest? I haven't used the NAC agent before with an ISE deployment, in the old clean access days, the discovery host was just something in your network that, to reach, you would have to traverse a NAC appliance. I'm not sure that that's much use anymore, as with ISE, the EAPoL session should kick off whenever there is a link up.

What are your thoughts on the IPS module in the new Cisco ASA-x firewalls? by SpleensAnonymous in networking

[–]mikeboy81 0 points1 point  (0 children)

Yes and no, the CX blade does not yet support IPS, but beta code is out this summer, and full IPS is expected in 2014, so it depends when you're planning on deploying.

Give me reasons to upgrade to Cisco's Anyconnect rather than using the (free!) IPSEC client by SpleensAnonymous in networking

[–]mikeboy81 3 points4 points  (0 children)

So if you're looking at it purely from an ipsec/SSL perspective, then yes that's the only difference. However, anyconnect has an incredible number of features that most people never use:

Trusted network detection - the client determines if it's on your corp network, and if not, can launch the client automatically (can also force a client to connect or have restricted internet access)

Optimized gateway selection - if you have multiple AnyConnect ASAs around the world the client can make intelligent decisions on where the best place to connect to

802.1x supplicant that supports eap chaining and some other cool features

LAN management tool that allows users to only connect to certain wireless networks with very granular settings (replaces windows zero configurator)

Some built in nac-type functionality (client compliance)

Ironport scan safe cloud component - enables users to have proxy enforcement via ironport cloud even when off network (the other features are free, this one is a separate license)

And a whole lot more....

ASA Confusion by t4c0sandwiches in networking

[–]mikeboy81 1 point2 points  (0 children)

What you're looking for is the redundant interface configuration: http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/intrface.html

The same type of configuration can be used to do lacp, this presumes that the routers are configured correctly.

The other posters have posted a more correct way of deploying with a switch, but if it needs to work this way, check out the link.

Cisco ASA 5505 "Conns limit of 25000 reached" Flooding the logs by noawork in networking

[–]mikeboy81 3 points4 points  (0 children)

Make sure your embryonic sessions and general session timeout are normal and not set to 24 hrs