Endpoint Protection

  • 1.  Symantec IPS and Cisco IDS

    Posted Oct 10, 2016 06:30 AM

    Just a short query but important,

     

    Can Symantec EP IPS receive requests from Cisco Sourcefire's IDS?

     

    Kind Regards



  • 2.  RE: Symantec IPS and Cisco IDS

    Broadcom Employee
    Posted Oct 10, 2016 07:57 AM

    The answer is no.

    The Symantec team develops IPS signatures. Symantec EP can only get updates from a Symantec source.



  • 3.  RE: Symantec IPS and Cisco IDS

    Posted Oct 10, 2016 08:09 AM

    No. Two separate products that do not interact with one another.



  • 4.  RE: Symantec IPS and Cisco IDS

    Posted Nov 18, 2016 04:40 AM

    Cheers pete_4u2002 and pdf Dumps, I was under the assumption that Cisco and Symantec had some sort of collaboration in regards to this. It kind of poses the question of why deploy two separate systems IDS\IPS if they don't talk to each other... Is it fair to say IDS is becoming less and less relevant in our current security dilemmas?

    Other than being located on a different segment of the network, what is the benefit of IDS on the perimeter if IPS is on the inside?

    As the IPS offers the ability to identify an intrusion, relevance, impact, direction and proper analysis of an event, and then pass the appropriate information and commands to the firewalls, switches and other network devices to mitigate the event's risk.



  • 5.  RE: Symantec IPS and Cisco IDS

    Posted Nov 18, 2016 04:59 AM

    Has anything changed on the EPP with the acquisition of Bluecoat ;-).

     



  • 6.  RE: Symantec IPS and Cisco IDS

    Posted Nov 18, 2016 08:46 AM

    Client IPS and Network IPS use two different approaches. A network IPS usually detects more, but with a higher FP rate. It also protects your entire network and not just the clients. The Client IPS is more tuned to protect against known client attacks and block malware from communicating out.

    There are a lot of things happening with Symantec ATP. ATP allows email, SEP clients and Network to share data.

    Integration between SEP and BlueCoat appliances is on the short-term roadmap. Other vendors have been mentioned, but it's all still not 100% clear which will be supported. I believe it will be more file data that will be shared and not IPS functionality.

    E.g., BlueCoat detects a bad file on the network and tells all SEP clients to block it locally.

    ATP:Network is licensed separately.

    https://www.symantec.com/content/dam/symantec/docs/data-sheets/advanced-threat-protection-network-en.pdf