I have a PoC plan for my customer. This is an Enterprise Company; the infrastructure is medium, with 1000 users. They have firewalls (ASA, PaloAlto), use VPN connections for users, and have a Mail Exchange system, a virtualization server and an ERP system.
When deploying at default, IDS inline between the PaloAlto firewall and the core switch, NSP just saw some attacks like botnet, reconnaissance and P2P applications, like report which I attacked.
So my customer asked me what the most secure policy for their system is. Until now, I have configured Default All inclusive with audit Policy for them.
This is my first McAfee IPS PoC. If anyone has experience, please help me and give me some advice.
Thanks a lot.
If you have a McAfee partner account, you can download a PoC guide which can help. Also, you can install a virtual NTBA app, which helps a lot for malware and bot detection. If you can, use an M-Series sensor so you can have more abilities. Additionally, do not forget to enable HTTP response scanning, advanced botnet detection, layer 7 data collection, etc. Lastly, there is a McAfee Logon Collector for user awareness in threats. There is also integration with GTI, ePO, Vulnerability Manager, etc. You have a lot to consider before a PoC. Good luck!