Re: How to choose an IDS/FW MSS provider

[Adam Powers <apowers () lancope com>]

> I think you're looking in the wrong direction strategically. IPS at the edge
> devices (i.e. switch ports) is the next frontier. Protecting the core from
> the distribution layer and workstations from other workstations is next. You
> already have some IPS vendors rushing in this direction. IPS at the network
> perimeter is old hat by now. There may be some more convergence down the
> road in the FW / IPS space but I don¹t see much more.

I'm sorry, what "old hat" technology are you referring to? Tippingpoint?
Intruvert? Proventia G? These are "old hat"? How so? What percentage of
market share denotes "old hat"? Your reasoning says < 10%.

I'm also really confused as to how you think we're going to deploy
(affordable) IPS technology at the edge? What is the per-port cost of
current (successful) IPS technologies? If I have 30,000 ports in my
enterprise, what will it cost me to "protect the core from the distribution
layer"?

I'm not certain what school of IPS deployment you are from but it's
definitely not the "school of reality".

Or perhaps you know of some new edge technology:
1. that's affordable
2. that's deployable on the workstation
3. that's deployable on the switch fabric (enterprise wide)
4. that I/we can't comprehend (perhaps from Nitro Security?)

If #3 is the answer, please explain / describe / enlighten.




On 3/15/05 8:26 PM, "Chris Harrington" <charrington () nitrosecurity com>
wrote:

> -----Original Message-----
> From: Adam Powers [mailto:apowers () lancope com]
>  
> > Besides, the device still needs an IP on the local network for management.
> Sounds like security through obscurity to me.
>
> You do not need an IP address to manage an IPS. You just have to route the
> management traffic through the IPS if you want to do in band management.
> Telco equipment has been doing this sort of thing for a while. There are
> instances where a management interface with an IP makes sense but it is not
> required.
>
> > With the obvious success of IPS technologies at the perimeter, I find it
> hard to believe that IPS and FW >technologies will remain disparate
> technologies for more than a few more years. The IPS vendors need to >do one
> of two things:
>
> > 1. Find a good firewall vendor to acquire them or 2. Build a full featured
> firewall from scratch.
>
> I think you're looking in the wrong direction strategically. IPS at the edge
> devices (i.e. switch ports) is the next frontier. Protecting the core from
> the distribution layer and workstations from other workstations is next. You
> already have some IPS vendors rushing in this direction. IPS at the network
> perimeter is old hat by now. There may be some more convergence down the
> road in the FW / IPS space but I don¹t see much more.
>
>
> --Chris
>
>
> Christopher Harrington, CISSP
> Director, Nitro Threat Analysis Center
> nitrosecurity
> o: 603.766.8160 x25
> c: 603.969.0592
> e: charrington () nitrosecurity com
> w: www.nitrosecurity.com
> Skype: chrisharrington


-- 

Adam  Powers
Director of Technology
Lancope, Inc.
c. 678.725.1028
f. 770.225.6501
e. apowers () lancope com

StealthWatch by Lancope - Security Through Network Intelligence



--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
--------------------------------------------------------------------------