IDS mailing list archives
RE: IPS, alternative solutions
From: "Murtland, Jerry" <MurtlandJ () Grangeinsurance com>
Date: Fri, 17 Sep 2004 15:00:53 -0400
I've been reviewing options for Network Admission Control as well to ensure consistency of approved applications and disallowing unapproved applications and the other inherent sanity checks such as patching, .dats, etc. The two that I've seen so far that best addresses the issues are Sygate and ZoneLabs (same or not). Cisco has their SA product and we are looking into that also. I'm interested to learn what options you are looking at and what your opinion is on those solutions. Jerry J. Murtland, CISSP -----Original Message----- From: Jason Haar [mailto:Jason.Haar () trimble co nz] Sent: Wednesday, September 15, 2004 9:09 PM To: focus-ids () securityfocus com Subject: Re: IPS, alternative solutions On Wed, Sep 15, 2004 at 03:47:28PM -0400, Jason wrote:
I would be seriously interested in an ROI that can demonstrate savings. The simple question is how is inline packet scrubbing easier and more cost effective than patching?
It isn't. I think the business community is starting to realise that in this Microsoft dominated world, we can no longer exclusively rely on "external" infrastructure like firewalls and NIDS to protect our machines - we have to make our machines more secure. The advent of Windows Updates and SUS are signs that Microsoft is listening and learning. Of course I could rant on at length about the *culture* of Windows being the much harder nut to crack (local admin privs anyone?), but it's moving in the right direction. Firewalls and NIDS are obviously good to have (required isn't probably too strong a word), but once you have a good, working and productive "network protection" infrastructure in place, your security gaze rightfully falls back on those darn Windows boxes again... In the medium term our company going down the Network Admission Control route: don't allow a machine onto the corporate network unless it has been VETOED by the network as being patched, up to date, etc. Interestingly, this "network solution" reinforces my point - it's all about bring consistency and security standards to the end-user PC... -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- IPS, alternative solutions Daniel (Sep 15)
- Re: IPS, alternative solutions Scott Wimer (Sep 15)
- Re: IPS, alternative solutions Jason (Sep 16)
- Re: IPS, alternative solutions Scott Wimer (Sep 15)
- Re: IPS, alternative solutions Jason Haar (Sep 16)
- Re: IPS, alternative solutions Jason (Sep 16)
- Re: IPS, alternative solutions Alex Butcher, ISC/ISYS (Sep 15)
- Re: IPS, alternative solutions Andy Cuff (Sep 16)
- <Possible follow-ups>
- Re: IPS, alternative solutions Johann_van_Duyn (Sep 15)
- RE: IPS, alternative solutions Palmer, Paul (ISSAtlanta) (Sep 17)
- Re: IPS, alternative solutions Jason (Sep 17)
- RE: IPS, alternative solutions Murtland, Jerry (Sep 17)
- RE: IPS, alternative solutions Cure, Samuel J (Sep 21)
- Re: IPS, alternative solutions Jason (Sep 22)
- Re: IPS, alternative solutions Mike Frantzen (Sep 22)
- Re: IPS, alternative solutions Devdas Bhagat (Sep 27)
- Re: IPS, alternative solutions Thomas Ptacek (Sep 29)
- Re: IPS, alternative solutions Kyle Maxwell (Sep 23)
- Message not available
- Re: IPS, alternative solutions Jason (Sep 26)
- Re: IPS, alternative solutions p z (Sep 27)
- Re: IPS, alternative solutions Jason (Sep 30)
- Re: IPS, alternative solutions Jason (Sep 22)
- RE: IPS, alternative solutions Stuart Staniford (Sep 29)
- Re: IPS, alternative solutions Scott Wimer (Sep 15)