IDS mailing list archives
RE: How to choose an IDS/FW MSS provider
From: "Chris Harrington" <charrington () nitrosecurity com>
Date: Wed, 16 Mar 2005 01:17:23 -0500
----Original Message----- From: Adam Powers [mailto:apowers () lancope com] Sent: Wednesday, March 16, 2005 12:06 AM To: Chris Harrington; 'David W. Goodrum'; 'Stephane' Cc: 'Brady, Rick'; 'Melih Kirkgöz ' (Koç.net); focus-ids () securityfocus com Subject: Re: How to choose an IDS/FW MSS provider
I'm sorry, what "old hat" technology are you referring to? Tippingpoint? Intruvert? Proventia G? These are "old hat"? How so? What percentage of
market share denotes "old hat"? >Your reasoning says < 10%. When I say "old hat" I am not disparaging the technology or vendors in any way. I am saying that IPS at the perimeter has and is being done by an increasing number of vendors. It's common place and there is not a lot more that can be done there. I dont think IPS is going to curl up and die at the perimeter...where else can it go besides deeper inside the network?
I'm also really confused as to how you think we're going to deploy (affordable) IPS technology at the edge? What is the per-port cost of
current (successful) IPS
technologies? If I have 30,000 ports in my enterprise, what will it cost me
to "protect the core from
the distribution layer"?
What is the per-port for current IPS technologies for 30k ports? A lot I am sure....prohibitive from a cost perspective for many. What about IDS / IPS functionality on the switch itself? There are at least 2 vendors that I am aware of who are talking with switch manufacturers on this very topic. If this functionality comes in the form of an expansion card or firmware upgrade for a switch it would be more cost effective than current technologies. As far as protecting the core from distribution, there is a reason that vendors are coming out with 5 gig and faster boxes and its not to protect a DS-3 connection :)
I'm not certain what school of IPS deployment you are from but it's
definitely not the "school of reality". I am looking forward. Read my post closely, I never said this is what is happening now. I said the "next frontier".
Or perhaps you know of some new edge technology: 1. that's affordable 2. that's deployable on the workstation 3. that's deployable on the switch fabric (enterprise wide) 4. that I/we can't comprehend (perhaps from Nitro Security?) If #3 is the answer, please explain / describe / enlighten.
Lol...I think you need to re-read my post. I never claimed there was this breakthrough technology. More than once I made reference to where I think things *will* be going, not where they are today. I would love to tell you that there is this great technology that will protect your 30k switches for $999.95. We all know that is not the case, yet. IPS / IDS down to the switch port is where I see this heading. That's my opinion and you do not have to agree with it which you apparently do not. It's more interesting if you don't :) --Chris Christopher Harrington, CISSP Director, Nitro Threat Analysis Center nitrosecurity o: 603.766.8160 x25 c: 603.969.0592 e: charrington () nitrosecurity com w: www.nitrosecurity.com Skype: chrisharrington -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Re: How to choose an IDS/FW MSS provider, (continued)
- Re: How to choose an IDS/FW MSS provider David W. Goodrum (Mar 19)
- RE: How to choose an IDS/FW MSS provider Palmer, Paul (ISSAtlanta) (Mar 16)
- RE: How to choose an IDS/FW MSS provider THolman (Mar 16)
- Re: How to choose an IDS/FW MSS provider Sasser (Mar 19)
- Re: How to choose an IDS/FW MSS provider Mark Teicher (Mar 16)
- RE: How to choose an IDS/FW MSS provider THolman (Mar 16)
- RE: How to choose an IDS/FW MSS provider Andrew Plato (Mar 16)
- Re: How to choose an IDS/FW MSS provider Andre Ludwig (Mar 19)
- Re: How to choose an IDS/FW MSS provider Prashant Khandelwal (Mar 24)
- Re: How to choose an IDS/FW MSS provider Andre Ludwig (Mar 19)
- Re: How to choose an IDS/FW MSS provider Adam Powers (Mar 19)
- RE: How to choose an IDS/FW MSS provider Chris Harrington (Mar 19)
- RE: How to choose an IDS/FW MSS provider Koç.net (Mar 19)
- Re: How to choose an IDS/FW MSS provider Mark Teicher (Mar 19)
- Re: How to choose an IDS/FW MSS provider Martin Roesch (Mar 19)
- Re: How to choose an IDS/FW MSS provider Mark Teicher (Mar 24)
- Re: How to choose an IDS/FW MSS provider Devdas Bhagat (Mar 28)
- Re: How to choose an IDS/FW MSS provider Martin Roesch (Mar 19)
- RE: How to choose an IDS/FW MSS provider Nigel Lewis (Mar 19)
- RE: How to choose an IDS/FW MSS provider Sergey V Soldatov (Mar 19)
- RE: How to choose an IDS/FW MSS provider Jason Baeder (Mar 19)
- Re: How to choose an IDS/FW MSS provider fuijdancer (Mar 23)
- Re: How to choose an IDS/FW MSS provider fuijdancer (Mar 23)