IDS mailing list archives
RE: How to choose an IDS/FW MSS provider
From: Nigel Lewis <nigel.lewis () cstl com>
Date: Thu, 17 Mar 2005 09:19:14 -0000
Looking at the different responses to this question, I think that maybe the question might be better split, as I believe there are two succinctly different issues:

1) How to select an IDS/FW product
2) How to select an MSS provider

I am ignoring 1 as it's been done to death, but in terms of question 2), here are some criteria for consideration:

* Is the MSS provider product agnostic?
* Are the SOCs physically secured?
* Are the SOCs assessed and registered to 17799 standards by an independent certification body?
* Are the SOCs manned by staff that have a) recognised security certification status and b) the experience to use the qualifications?
* Do the SOCs have global geographic coverage and insight?
* The quality of the event correlation process and tools?
* How does the SOC undertake vulnerability research and intelligence?
* Response, SLAs and ability to execute suitable action?

-Nigel

-----Original Message-----
From: Chris Harrington [mailto:charrington () nitrosecurity com]
Sent: 16 March 2005 04:26
To: 'Adam Powers'; 'David W. Goodrum'; 'Stephane'
Cc: 'Brady, Rick'; 'Melih Kirkgöz (Koç.net)'; focus-ids () securityfocus com
Subject: RE: How to choose an IDS/FW MSS provider

-----Original Message-----
From: Adam Powers [mailto:apowers () lancope com]
> Besides, the device still needs an IP on the local network for management.

Sounds like security through obscurity to me. You do not need an IP address to manage an IPS. You just have to route the management traffic through the IPS if you want to do in band management. Telco equipment has been doing this sort of thing for a while. There are instances where a management interface with an IP makes sense but it is not required.

> With the obvious success of IPS technologies at the perimeter, I find it hard to believe that IPS and FW technologies will remain disparate technologies for more than a few more years. The IPS vendors need to do one of two things:
> 1. Find a good firewall vendor to acquire them or
> 2. Build a full featured firewall from scratch.

I think you're looking in the wrong direction strategically. IPS at the edge devices (i.e. switch ports) is the next frontier. Protecting the core from the distribution layer and workstations from other workstations is next. You already have some IPS vendors rushing in this direction. IPS at the network perimeter is old hat by now. There may be some more convergence down the road in the FW / IPS space but I don't see much more.

--Chris

Christopher Harrington, CISSP
Director, Nitro Threat Analysis Center
nitrosecurity
o: 603.766.8160 x25
c: 603.969.0592
e: charrington () nitrosecurity com
w: www.nitrosecurity.com
Skype: chrisharrington