Educause Security Discussion mailing list archives

Re: NGFW Usage Information


From: "Hall, Rand" <hallr () MERRIMACK EDU>
Date: Wed, 19 Apr 2017 10:01:24 -0400

We're on our second pair of Palos (which followed one generation of ASA,
one of PIX, and one miserable Checkpoint).

Love, love, love it. Next gen deliciousness:

match_time: 04/19/17 08:31:44
serial: 002201000424
device_name: PA-5050-1
type: CORRELATION
vsys: vsys1
vsys_id:
dg_hier_level_1: 0
dg_hier_level_2: 0
dg_hier_level_3: 0
dg_hier_level_4: 0
srcuser: merrimack\meloj
src: 10.1.38.216
object_name: WildFire C2
object_id: 6002
category: compromised-host
severity: high
evidence: Host visited 1 URLs including: www.secularistsarakolet.site/.
This is consistent with callback behavior discovered by WildFire during
analysis of a malicious file (sha256:7bd687d416888d03a46964434e07c1
b1f334a796218753e510f8fffe8c2d6c2c) received by another host on the network.


Rand

Rand P. Hall
Director, Network Services
Merrimack College
978-837-3532
rand.hall () merrimack edu

If I had an hour to save the world, I would spend 55 minutes defining the
problem and five minutes finding solutions. – Einstein
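The correlation event quoted above is a "key: value" record whose evidence text is wrapped across several lines, which splits the WildFire sample hash in two. The following added example (not from the post or from Palo Alto Networks) parses that record, re-joins the wrapped evidence, pulls out the callback URL and sha256 as indicators, and applies a simple containment-triage rule on category and severity; the sample input is the event from the post, and the triage thresholds are an assumption.

```python
import re

# Correlation event reproduced from the post above; the evidence field arrives wrapped.
SAMPLE_EVENT = r"""match_time: 04/19/17 08:31:44
serial: 002201000424
device_name: PA-5050-1
type: CORRELATION
vsys: vsys1
vsys_id:
srcuser: merrimack\meloj
src: 10.1.38.216
object_name: WildFire C2
object_id: 6002
category: compromised-host
severity: high
evidence: Host visited 1 URLs including: www.secularistsarakolet.site/.
This is consistent with callback behavior discovered by WildFire during
analysis of a malicious file (sha256:7bd687d416888d03a46964434e07c1
b1f334a796218753e510f8fffe8c2d6c2c) received by another host on the network."""

KEY_RE = re.compile(r"^([a-z][a-z0-9_]*):(?: ?(.*))?$")   # "key: value" or bare "key:"
SHA256_RE = re.compile(r"sha256:([0-9a-f\s]+)\)")          # hash may contain a line wrap
URL_RE = re.compile(r"including: (\S+?)\.?(?:\s|$)")       # URL up to its trailing period

def parse_event(text):
    """Parse 'key: value' lines into a dict; a line that does not start a new
    key is a continuation of the previous field (the wrapped evidence text)."""
    fields, last = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            last = m.group(1)
            fields[last] = (m.group(2) or "").strip()
        elif last is not None:
            fields[last] = (fields[last] + " " + line.strip()).strip()
    return fields

def extract_indicators(evidence):
    """Pull the callback URL and the WildFire sample hash out of the evidence
    text, stripping the whitespace a line wrap inserted into the hash."""
    url = URL_RE.search(evidence)
    sha = SHA256_RE.search(evidence)
    digest = re.sub(r"\s", "", sha.group(1)) if sha else None
    if digest is not None and len(digest) != 64:
        digest = None  # mangled hash: do not pass a bad indicator downstream
    return {"url": url.group(1) if url else None, "sha256": digest}

def triage(fields):
    """Assumed rule: a high/critical compromised-host correlation gets containment review."""
    return fields.get("category") == "compromised-host" and fields.get("severity") in ("high", "critical")
```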

On Wed, Apr 19, 2017 at 9:46 AM, Pardonek, Jim <jpardonek () luc edu> wrote:

I’ve finally been able to convince our leadership to pursue swapping out
our IPS and ASAs for a set of next gen firewalls. We are still in the
evaluation phase and as a part of our evaluations we are asked by senior
leadership to query other universities to get a barometer of what is being
used. If you would (and you can PM me) let me know if you have a NGFW and
what it is (not needing specifics). It will help us with our decision. The
3 we looked at were Palo Alto, Check Point, and Cisco Firepower.

Appreciate any responses in advance!

Best,

Jim

James Pardonek, MS, CISSP, CEH
Information Security Officer
Loyola University Chicago
1032 W. Sheridan Road | Chicago, IL 60660
(773) 508-6086