Firewall Wizards mailing list archives
Re: Enterprise Security Management - Dream or reality
From: Predrag Zivic <pzivic () yahoo com>
Date: Wed, 3 Jan 2001 08:44:35 -0800 (PST)
This is an interesting problem. One vendor or point solutions?

Why one vendor? Example: Let's say one deploys the access control (bullsoft, eTrust, tripwire etc.). Now we decide to use ISS - SSS to verify the system (i.e. probe the system security). This will be a VERY big problem since ISS SSS might not be aware of the eTrust or other access control products. So your vulnerability assessment cannot be done. Now, one might not care about system scanning... Another problem is information/security management user profiling etc...

Why point solutions? The best of breed products. The drawback: a lot of custom integration work. Consultants like me love this (all future point solution product upgrades are mine! i.e. sales people call it continuous revenue or something :-)))

Anyway, one's requirements or vision or wishes or budget will push the decision one way or another. This is a X&O game...

Pez

--- Iván_Arce <core.lists.firewall-wizards () core-sdi com> wrote:
> Hello,
>
> So far I've corresponded with Maddy out of the list to prevent what could be seen as a shameless commercial plug to our company's product. But I believe it might be helpful to elaborate a bit on WHY we wrote our own thing.
>
> Also, there are a couple of products that are not included in Maddy's list:
> - Unisys Single Point security suite
> - Tivoli SecureWay
>
> now onto the topic...
>
> ----- Original Message -----
> From: "Talisker" <Talisker () networkintrusion co uk>
> Newsgroups: core.lists.firewall-wizards
> To: "Maddy" <mwlalex () magix com sg>; "Predrag Zivic" <pzivic () yahoo com>
> Cc: "fw-wiz" <firewall-wizards () nfr net>
> Sent: Tuesday, January 02, 2001 8:11 PM
> Subject: Re: [fw-wiz] Enterprise Security Management - Dream or reality
>
> > Maddy [on list]
> > Is it essential to use just one vendor? Many security products are interoperable these days, this way you can use the best of breed from each category. I missed the original post so I apologise if I've got the wrong end of the stick.
>
> There's exactly the problem that the 'subject' line on Maddy's mail suggests. Many security products *claim* to be interoperable but they are not in the real world, specially if you consider large organizations with complex networks. Although the building blocks for making them work together are present, the effort needed (in terms of money/time and technical expertise) makes the interoperability goal infeasible. That is exactly the problem we (CORE-SDI) faced 2 years ago and that is one of the reasons that decided us to write our own product. The fact is that (as far as I know) NONE of the mentioned products or even suites were designed to work in an integrated fashion, and that means a lot more than having a single management console.
>
> Also, it is fairly easy to select best of breed products for certain categories (antivirus, firewalls, IDSes, VPN setups) but it is not so for other categories and you end up with a bunch of products that are good by themselves but do not provide a blanket/homogeneous solution for the whole corporate network security, specially when that network is comprised of a very heterogeneous set of platforms and applications.
>
> It should be mentioned that the acclaimed security suites are generally a set of point products acquired by big security companies from smaller companies and then wired to work together in a sometimes, let's say, not very elegant fashion OR they are blanket solutions that evolved from products of companies not really dedicated to information security.
>
> Finally, a key aspect of such a solution is maintainability/support or whatever you want to call it. Having several point products integrated is costly but, supposing you've done it, the next problem will be to keep up with whatever the different vendors chose to do with their products and either have new features integrated again or live with outdated versions of them.
>
> > Whilst it is easier to have all your security arsenal from the same vendor, some of the products they acquire to make up the "suite" aren't necessarily good at what they do.
>
> Reading this, the term 'security in depth' comes to mind, surely you don't want something that will replace the security infrastructure already deployed and have your security dependent on one vendor. IMHO the good thing would be to have something that integrates the existing infrastructure, giving you the ability to still use point products for certain things, the things they are good for.
>
> > There can be a benefit from having a single reporting console, but from experience I don't like to see HIDS and NIDS output on the same screen, with the exception of router output on the NIDS screen. Therefore does the NIDS and HIDS need to be the same vendor?
> > Moreover, if you do need correlation, most NIDS and HIDS etc feed into their respective databases, you can link the info using cross table queries.
>
> And for this you will have to spend a lot of time in the painful process of making sense out of the different db formats and entries in order to unify the output into something meaningful. I've had contact with a group of persons doing exactly that during the past months and I know it is a tiresome and unrewarding process.
>
> > There can also be a financial saving in buying from a variety of vendors.
>
> It can as well be exactly the opposite and that was one of the other reasons for writing our own.
>
> Anyway, I'm not trying to plug anything in particular and purposely didn't mention our own product, I am more interested in the discussion of why ESM is worse or better than best of breed point products, what are the pros and cons of each approach and how to evaluate technically an ESM type of solution.
>
> Then again, perhaps it is OT for firewall-wizards.
>
> -ivan
>
> > ----- Original Message -----
> > From: "Maddy" <mwlalex () magix com sg>
> > To: "Predrag Zivic" <pzivic () yahoo com>
> > Cc: "fw-wiz" <firewall-wizards () nfr net>
> > Sent: Saturday, December 30, 2000 4:56 PM
> > Subject: Re: [fw-wiz] Enterprise Security Management - Dream or reality
> >
> > Thk u all for responding to my dream security setup. Ok, my list has grown now to:
> >
> > Definite considerations
> > 1) Pentasafe (Security Manager)
> > 2) Computer Associate (eTrust)
> > 3) Symantec (Not sure if there's a single name)
> >
> > Possible considerations
> > 1) Hewlett Packard (ITO)
> > 2) ISS (haven't checked them out yet)
> > 3) CSS (haven't checked them out yet)
> > 4) [ Create my own software like what Ivan Arce did ] :)
> >
> > For those who are keen to know the results of our
=== message truncated ===