Home page logo
/

firewall-wizards logo Firewall Wizards mailing list archives

Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
From: Chris Blask <chris () blask org>
Date: Fri, 26 May 2006 10:12:10 -0400

At 09:11 AM 26/05/2006, ArkanoiD wrote:

nuqneH,

On Thu, May 25, 2006 at 08:24:17PM -0400, Marcus J. Ranum wrote:

My guess is that that VCs would split a rib laughing if someone came
to them with a business plan for a new firewall company. :) 

Damn sure. And maybe that's why we have nothing like "Gauntlet on steroids"
(flexible, expandable and supported with development team who is willing
to help to integrate it with any customer application) these days, though 
there definitely *is* some niche market demand for it.
.d.

We spend too much time complaining about the shape of the landscape, not enough time building communities that fit into 
it.

Why should any non-Infosec decision maker believe that our Perfect Firewall will make them safe?  It won't: they'll be 
hacked from the inside/wirelessly/through an unauthorized connection.  Nothing we as an industry have delivered is any 
better than anything else at making customer X safer from the risks they face, so why should they listen to us?  The 
only places to date we can (sometimes) actually provide decent security is where the dollars involved are so huge they 
justify the expense, or where someone who can follow this thread works (but then they get a new job, and their employer 
is screwed again).  Is it a shoe manufacturer's fault that our industry has produced no empirical metrics that would 
differentiate the qualities of good and bad ideas?

It's the maturity phase of the market that I can't wait for (though it may start getting boring about then).  It is 
essentially impossible to offer SAS-level advice (to add one last military analog) in the current market, because we 
are still arguing about what a gun is.

-cheers!

-chris


The man who never alters his opinion is like standing water, and breeds reptiles of the mind.

-William Blake 

Chris Blask
chris () blask org
http://blaskworks.blogspot.com  


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.392 / Virus Database: 268.7.0/345 - Release Date: 22/05/2006


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]