Firewall Wizards mailing list archives

RE: IPS (was: Sources for Extranet Designs?)


From: Chris Blask <chris () protegonetworks com>
Date: Thu, 26 Feb 2004 05:23:11 -0800 (PST)


Quoting Ben Nagy <ben () iagu net>:

> Can I just jump in and ask what _exactly_ people think "IPS" means? I
> know I'm asking for a definition debate and we've all seen a bunch of those
> over the years, but I'm concerned that the "buzzword" factor has led to
> compression in terms of vocab.
>
> I don't see the basic "attach an IDS to a firewall and have the firewall
> do stuff based on signatures" concept as amazingly useful (my personal
> opinion). However lots of companies are producing stuff which they are
> also calling IPS (us included; consider that a disclaimer).

Hi Ben,

[us too included; consider that a disclaimer: though we don't really call it 
IPS and we don't bump-on-wire (picture an AWACS plane flying over the 
battlefield) - we are essentially a rollup of IPS and SIM - we leverage the 
switched fabric to cut off attacks].

(IMHO) Appliance IPS = new-bump-on-wire.  Evolved FW/IDS appliances which are 
intelligent enough to stop an attack they are capable of recognizing (seems to 
be the standard working def'n).  FW with a level of adaptability beyond what 
we might be used to with FWs.

A broader def'n of IPS would seem to roll up every comprehensive system 
including a Managed Service or good SOC...  The "Cisco Self Defending Network" 
would be an IPS under that def'n.  Too broad a def'n to serve any purpose.

My standing explanation for the appliance IPS market is that folks want *so* 
badly to take action against an attack - and SIM vendors have so fully failed 
to provide any of that - that the market has said "If I can't have a holistic 
Attack Response that can ID and stop attacks to my network, at the very 
flippin' least I'll buy a box which can stop attacks on this piece of wire."

All goodness as far as we're concerned - deploying troops on the ground never 
hurts - but as far as the new appliance IPS products, I have my doubts as to 
whether a whole new shell of boxes scattered throughout a network with their 
associated support infrastructures is really viable.  We may see a survivor or 
two, but I'd put my chips on the existing FW players.

Host IPS is definitely a good thing (why not?).

-woof!

-chris

Chris Blask
Vice President, Business Development
Protego Networks Inc.

(1) 416 358 9885 - Direct
(1) 408 262 5220 - HQ
(1) 408 262 5280 - Fax

blask () protegonetworks com
www.protegonetworks.com

"The first purpose-built appliance for Real-Time Security Threat Mitigation"