RE: IDS, IPS or just rubbish?

["Rob Shein" <shoten () starpower net>]

Moderator:  forgive the levity, I thought that we could all use a little
laugh after some of the heat on this list lately...

<sarcasm>
"Oh, is this what the Gartner report was talking about?  Cool, I'll buy
three!"
</sarcasm>

> -----Original Message-----
> From: Jack Ryan [mailto:jackryan () thedoghousemail com] 
> Sent: Monday, June 23, 2003 12:31 AM
> To: focus-ids () securityfocus com
> Subject: IDS, IPS or just rubbish?
>
>
> I went to the local product launch of Checkpoint FW-1 Next 
> Generation *Artificial Intelligence* the other day and was 
> interested to see that this technology is nothing more than a 
> signature-based IDS that can pass stuff on to the firewall. 
> Funnily enough they call it "Active Defense" which is the 
> same name NAI used to describe Cybercop talking to Gauntlet 
> before they dropped/sold the products.
>
> Checkpoint are pushing this patch to NG FP3 FW-1 as an 
> all-in-one solution whereby you wouldn't need an IDS as well 
> as a firewall. In Hong Kong they have over 70% of the 
> firewall market - their market penetration is similar 
> worldwide - in order to gain competitive advantage they are 
> trying to crush the IDS/IPS market. Maybe they've been 
> partying with Gartner.
>
> What's more they are lying through their teeth. I sat there 
> and listened to them pull out terms like zero-day and 
> protocol anomaly detection which is simply them jumping on 
> the bandwagon of quality solutions. It is signature-based, 
> and though Checkpoint will apparently notify you of any new 
> threats you will still need to edit a text file so that the 
> firewall knows what they are.
>
> Their big push is that they are doing application-layer stuff 
> now which anyone who knows firewalls will know is what 
> Sidewinder, Gauntlet and Axent (Symantec) have been doing for 
> years. FW-1 is a stateful packet filter - and probably the 
> best there is in terms of enterprise management. However they 
> are not analysing traffic at the application layer asides 
> from a handful of signatures. They were saying that FW-1 NG 
> AI is the only gateway solution of its kind. Symantec have 
> had signature-based IDS combined with the *real* layer 7 
> Raptor firewall in their SGS box for ages. (performance 
> aside.........) 
>
> They kept telling me about SQL Slammer and how this solution 
> will stop it. What utter crap. Can anyone on this list tell 
> me of a signature-based IDS which picked Slammer up in the 
> 2-odd hours it needed to propogate? 
>
> There has been a lot of discussion here about the future of 
> IDS - I think I've seen Checkpoint's vision....... Treat us 
> all like fools. 
>
> Zero-day detection my ****. 
>
>
>
>
> _____________________________________________________________
> Get your FREE TheDoghouseMail email address at 
> http://www.thedoghousemail.com
>
>
> _____________________________________________________________
> Select your own custom email address for FREE! Get 
> you () yourchoice com, No Ads, 6MB, IMAP, POP, SMTP & more! 
http://www.everyone.net/selectmail?campaign=tag

----------------------------------------------------------------------------
---
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the 
world's premier technical IT security event! 10 tracks, 15 training
sessions, 
1,800 delegates from 30 nations including all of the top experts, from CSO's
to 
"underground" security specialists.  See for yourself what the buzz is
about!  
Early-bird registration ends July 3.  This event will sell out.
www.blackhat.com
----------------------------------------------------------------------------
---



-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists.  See for yourself what the buzz is about!
Early-bird registration ends July 3.  This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------