Re: Enterprise Security Management - Dream or reality

[Predrag Zivic <pzivic () yahoo com>]

This is an interesting problem. One vendor or point
solutions?

Why one vendor?
Example: Let's say one deploys the access control
(bullsoft, eTrust, tripwire etc.)
Now we decide to use ISS - SSS to verify the system
(i.e. probe the system security).
This will be a VERY big problem since ISS SSS might
not be aware of the eTrust or other access control
products. So your vulnerability assessment can not be
done. Now, one might not care about system scanning...
Another problem is information/security management
user profiling etc... 

Why point solutions?
The best of breed products. 
The drawback; a lot of custom integration work.
Consultants like me love this (all future point
solution product upgrades are mine! i.e. sales people
call it continious revenue or something:-)))

Anyway, ones' requirements or vision or wishes or
budget will push the decision one way or another. 

This is a X&O game...

Pez

--- Iván_Arce
<core.lists.firewall-wizards () core-sdi com> wrote:
> Hello,
>  So far ive corresponded with Maddy out of the list
> to
>  prevent what could be seen as a shameless
> commercial
>  plug to our company's product. But i believe it
> might be
>  helpful to elaborate a bit on WHY we wrote our own
> thing
>
>  Also, there is a couple of products that are not
> included in
>  Maddy's list:
>   - Unisys Single Point security suite
>   - Tivoli SecureWay
>
>  now onto the topic...
>
> ----- Original Message -----
> From: "Talisker" <Talisker () networkintrusion co uk>
> Newsgroups: core.lists.firewall-wizards
> To: "Maddy" <mwlalex () magix com sg>; "Predrag Zivic"
> <pzivic () yahoo com>
> Cc: "fw-wiz" <firewall-wizards () nfr net>
> Sent: Tuesday, January 02, 2001 8:11 PM
> Subject: Re: [fw-wiz] Enterprise Security Management
> - Dream or reality
>
>
> > Maddy
> > [on list]
> > Is it essential to use just one vendor? Many
> security products are
> > interoperable these days, this way you can use the
> best of breed from each
> > category.  I missed the original post so I
> apologise if I've got the wrong
> > end of the stick.
>
> There's exactly the problem that the 'subject' line
> on maddy's mail
> suggests.
> Many security products *claim* to be interoperable
> but  they are not
> in the real world, specially if you consider large
> organizations with
> complex networks. Although the building blocks for
> making them work
> together are present the effort needed (in terms of
> money/time and
> technical expertise) makes the interoperability goal
> infeasible.
>
> That is exactly the problem we (CORE-SDI) faced 2
> years ago and that
>  is one of the reasons that decided us to write our
> own product.
>
> The fact is that  (as far as i know) NONE of the
> mentioned products or
>  even suites were designed to work in an integrated
> fashion, and that
>  means a lot more than having a single management
> console.
>
>  Also, it is fairly easy to select best of breed
> products for certain
>  categories (antivirus, firewalls, IDSes, VPNs
> setups) but it is not so
>  for other categories and you end up with a bunch of
> products that
>  are good by themselves but do not provide a
> blanket/ homogeneous
>  solution for the whole corporate network security,
> specially when that
>  network is comprised of a very heterogeneous set of
> platforms and
>  applications.
>
>  It should be mentioned that the acclaimend security
> suites are
>  generally a set of point products adquired by big
> security companies
> from smaller companies and then wired to work
> together in a sometimes
> lets say not very  elegant fashion OR they are
> blanket solutions that
> evolved from products of companies not really
> dedicated to
> information security.
>
>  Finally, a key aspect of such a solution is
> maintainability/support or
>  whatever you want to call it. Having several point
> products integrated
>  is costly but suppossing you've done it, the next
> problem will be to keep
>  up with whatever the different vendors chose to do
> with their products
>  and either have new features integrated again or
> live with outdated
>  versions of them.
>
> > Whilst it is easier to have all your security
> arsenal from the same
> vendor,
> > some of the products they acquire to make up the
> "suite" aren't
> necessarily
> > good at what they do.
>
> Reading this, the term 'security in depth' comes to
> mind, surely you
> dont want something that will replace the security
> infraestructure already
> deployed and have your security dependant on one
> vendor. IMHO the
> good thing would be to have something that
> integrates the existing
> infraestructure giving you the ability to still use
> point products for
> certain
> things , the things they are good for.
>
> > There can be a benefit from having a single
> reporting console, but from
> > experience I don't like to see HIDS and NIDS
> output on the same screen,
> with
> > the exception of router output on the NIDS screen.
>  Therefore does the
> NIDS
> > and HIDS need to be the same vendor?  Moreover, if
> you do need
> correlation,
> > most NIDS and HIDS etc feed into their respective
> databases, you can link
> > the info using cross table queries.
>
> And for this you will have to spend a lot of time in
> the painfull process of
> making sense out of the different db format and
> entries in order to unify
> the output into something meanignful. I've had
> contact with a group of
> persons doing exactly that during the past months
> and I know it is a
> tiresome and unrewarding process.
>
> > There can also be a financial saving in buying
> from a variety of vendors.
>
> it can aswell be exactly the opposite and that was
> one of the other reasons
> for writing our own.
>
>
> Anyway, im not trying to plug anything in particular
> and purposely didnt
> mention our own product, i am more interested in the
> discussion of why
> ESM is worse of better than best of breed point
> products, what are
> the pros and con of each approach and how to
> evaluate technically
> a ESM type of solution.
> Then again, perhaps it is OT for firewall-wizards .
>
>  -ivan
>
>
> > ----- Original Message -----
> > From: "Maddy" <mwlalex () magix com sg>
> > To: "Predrag Zivic" <pzivic () yahoo com>
> > Cc: "fw-wiz" <firewall-wizards () nfr net>
> > Sent: Saturday, December 30, 2000 4:56 PM
> > Subject: Re: [fw-wiz] Enterprise Security
> Management - Dream or reality
> > > Thk u all for responding to my dream security
> setup. Ok, my list has
> > > grown now to :
> > >
> > > Definite considerations
> > > 1) Pentasafe (Security Manager)
> > > 2) Computer Associate (eTrust)
> > > 3) Symantec (Not sure if there's a single name)
> > >
> > > Possible considerations
> > > 1) Hewlett Packard (ITO)
> > > 2) ISS (haven't check them out yet)
> > > 3) CSS (haven't check them out yet)
> > > 4) [ Create my own software like what Ivan Arce
> did ] :)
> > > For those who are keen to know the results of
> our 
=== message truncated ===


__________________________________________________
Do You Yahoo!?
Yahoo! Photos - Share your holiday photos online!
http://photos.yahoo.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards