Firewall Wizards mailing list archives
Re: OT: Av and Gartner...
From: Paul Robertson <proberts () patriot net>
Date: Wed, 30 Jul 2003 20:37:28 -0400 (EDT)
On Wed, 30 Jul 2003, John Keeton wrote:
Slightly OT here.
I don't think so :)
In corporate land, where does everyone have AV installed? Currently, we have desktop, NT servers, and email gateway. I am thinking that we need http/ftp scanning via ICAP from our proxy, but Gartner[1] says http/ftp scanning is uneeded. I don't know if I agree.. -OR- Are people installing
[snip] Disclaimer: Gartner is an investor in TruSecure, my employer and through our ICSA Labs division, the hoster of this list. I do NOT speak for them, and I'm speaking only for myself in this message, and it's all personal opinion. Most folks aren't worried about HTML/HTTP threats. I used to actively resist e-mail gateway A/V scanning, but these days, I think it just makes sense. Non-E-mail malcode threats that are quick are worms that do either overflows, or file share guessing. Both of those really want desktop/server scanning to fix them. HTTP-based threats tend to get shut down quickly enough (for the non-worm type) that the window is quite short, but if you're going to do complete protection, and want to laugh at the rush to update IE when someone gets one to take hold, then it's worthwhile looking.
Also, anyone have any experiance with Garner regarding security items? This AV answer, joined with their latest magic quad. for firewalls and ids is just plain scary. I don't know if I even want to put an ounce of faith in them anymore.
To me, it depends on the analyst doing the work. I've consistantly agreed with some of their analyses, and thought "What the heck where they smoking?" when I've read others that tended to parrot some particular marketing brochure-speak that lots of vendors were trumpeting.
[1] At my employ Gartner is god.
The good news, is that if this is true, it's generally because you're paying enough that you get the "call and beat up someone with the real hard questions and pick at their assumptions" option. I've used that in a past life to get past recommendations that I thought sucked at other companies I've worked for. The bonus is that management sees you as playing well with them if you line the reasons up for the call well. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- OT: Av and Gartner... John Keeton (Jul 30)
- Re: OT: Av and Gartner... Paul Robertson (Jul 30)
- RE: OT: Av and Gartner... Bob Wanamaker - Avant Systems, Inc. (Jul 30)
- Re: OT: Av and Gartner... Jim McAtee (Jul 30)
- Re: OT: Av and Gartner... Paul Robertson (Jul 30)
- Re: OT: Av and Gartner... R. DuFresne (Jul 30)
- Re: OT: Av and Gartner... Luca Berra (Jul 31)
- Re: OT: Av and Gartner... Paul A. Henry (Jul 30)
- Re: OT: Av and Gartner... Marcus J. Ranum (Jul 31)
- Re: OT: Av and Gartner... Fritz Ames (Jul 31)
- Re: OT: Av and Gartner... Marcus J. Ranum (Jul 31)
- Re: OT: Av and Gartner... Dave Piscitello (Jul 31)
- Re: OT: Av and Gartner... Fritz Ames (Jul 31)
(Thread continues...)