Firewall Wizards mailing list archives
RE: IPS (was: Sources for Extranet Designs?)
From: Chris Blask <chris () protegonetworks com>
Date: Thu, 26 Feb 2004 05:23:11 -0800 (PST)
Quoting Ben Nagy <ben () iagu net>:
Can I just jump in and ask what _exactly_ people think "IPS" means? I know I'm asking for a definition debate and we've all seen a bunch of those over the years, but I'm concerned that the "buzzword" factor has lead to compression in terms of vocab.
I don't see the basic "attach an IDS to a firewall and have the firewall do stuff based on signatures" concept as amazingly useful (my personal opinion). However lots of companies are producing stuff which they are also calling IPS (us included; consider that a disclaimer).
Hi Ben, [us too included; consider that a disclaimer: though we don't really call it IPS and we don't bump-on-wire (picture an AWACS plane flying over the battlefield) - we are essentially a rolloup of IPS and SIM - we leverage the switched fabric to cut off attacks]. (IMHO) Appliance IPS = new-bump-on-wire. Evolved FW/IDS appliances which are intelligent enough to stop an attack they are capable of recognizing (seems to be the standard working def'n). FW with a level of adaptability beyond what we might be used to with FWs. A broader def'n of IPS would seem to roll up every comprehensive system including a Managed Service or good SOC... The "Cisco Self Defending Network" would be an IPS under that def'n. Too broad a def'n to serve any purpose. My standing explanation for the appliance IPS market is that folks want *so* badly to take action against an attack - and SIM vendors have so fully failed to provide any of that - that the market has said "If I can't have a holistic Attack Response that can ID and stop attacks to my network, at the very flippin' least I'll buy a box which can stop attacks on this piece of wire." All goodness as far as we're concerned - deploying troops on the ground never hurts - but as far as the new appliance IPS products, I have my doubts as to whether a whole new shell of boxes scattered throughout a network with their associated support infrastructures is really viable. We may see a survivor or two, but I'd put my chips on the existing FW players. Host IPS is definitely a good thing (why not?). -woof! -chris Chris Blask Vice President, Business Development Protego Networks Inc. (1) 416 358 9885 - Direct (1) 408 262 5220 - HQ (1) 408 262 5280 - Fax blask () protegonetworks com www.protegonetworks.com "The first purpose-built appliance for Real-Time Security Threat Mitigation" _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Plumbers... was Re: Sources for Extranet Designs?, (continued)
- Plumbers... was Re: Sources for Extranet Designs? Gary Flynn (Feb 24)
- RE: Sources for Extranet Designs? Marcus J. Ranum (Feb 23)
- RE: Sources for Extranet Designs? Jim Seymour (Feb 23)
- RE: Sources for Extranet Designs? Mitchell Rowton (Feb 23)
- RE: Sources for Extranet Designs? Steven A. Fletcher (Feb 23)
- RE: Sources for Extranet Designs? Wes Noonan (Feb 23)
- RE: Sources for Extranet Designs? Don Parker (Feb 23)
- RE: Sources for Extranet Designs? Chris Blask (Feb 24)
- RE: IPS (was: Sources for Extranet Designs?) Ben Nagy (Feb 26)
- RE: IPS (was: Sources for Extranet Designs?) Christian Kreibich (Feb 26)
- RE: IPS (was: Sources for Extranet Designs?) Chris Blask (Feb 26)
- Re: IPS (was: Sources for Extranet Designs?) Bennett Todd (Feb 26)
- RE: IPS (was: Sources for Extranet Designs?) Frederick M Avolio (Feb 26)
- RE: Sources for Extranet Designs? Don Parker (Feb 24)