Firewall Wizards mailing list archives
Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
From: Chris Blask <chris () blask org>
Date: Thu, 25 May 2006 21:55:05 -0400
At 08:24 PM 25/05/2006, Marcus J. Ranum wrote:

Hey M. JR!

I think it's going to happen no matter what anyone wants. Because the security market is consolidating into 2 types of companies:
- single solution VC-backed start-ups chasing the hot topic du jour
- huge mega corporations that don't actually develop anything and simply buy and integrate technologies to a greater or lesser degree

...and that's not all bad.
o The best gadget in the world is no good if the maker doesn't survive to support it.
o Another analog to twist would be: a bunch of talented and enthusiastic guerillas may be good at the start of a conflict, but when it gets really serious you'll be unhappy if you are not the one with the integrated weapons platform...
Basically, 'best of breed' only survives in a market that has not stabilized yet, and security has stabilized to the point where, basically, it's just marketing weasels coming up with cool new names for proxies, packet filtering, and signature matching.
Inasmuch as proxies, packet filters and signature matching have been done already, there isn't anything left but for Sears and Walmart to argue about whether theirs is 8% greener or cheaper. I mean, if an engineer at Volvo comes up with a really neat material for a crank bearing it isn't going to change the world by itself.
I agree with you that best of breed and defense in depth make a great deal of sense but the commercial security market will likely not support a vibrant vendor-base much longer.
An interesting proof of open source philosophy would be Enterprise-viable open source solutions large and small that would compete with commercial offerings. With a stabilized market, there shouldn't be any reason that the open source community couldn't amass a large enough variety of tools and mature integrated/ing packages to drive competitive evolution in commercial products. To date this whole infrastructure is only half baked so open source isn't any more complete, consumable and reliable than some single-vendor or pseudo-BoB alternative, but given time to stretch its legs I'd be disappointed if it didn't show well. Open source is always amazing at coming up with new things. Let's see if it can come up with scalable security.
Indeed, my guess is that security, as a market separate from network infrastructure/management and system administration is not likely to last another 10 years. If you look at the current trends, it may even happen that the security market will be mostly gone in 5. Once the big players have absorbed enough basic security features they'll be able to suck the oxygen away from the remaining small players by offering those features as freebie option-ons and it's "game over, man."
Ten years from now we should have at least a solid handle on the complete model of what a secure global internet thing looks like. If there are still waves of security-topic-of-the-day startups being funded 10 or 15 years from now then hosts will have to actually suck more than this unprotectable windows piece of cr@p I'm typing on now, and we've all screwed up in letting it drag on so long. Maybe the current crop of startups is among the last and will mature out in five years or so, but I think things are still more screwed up than that. Specialized security startups could pop up forever, but there has to eventually be an "end" of sorts to inventing basic nuts and bolts.
By the way, NONE of this will result in the end users having usable and effective security. Remember, the security market does not exist to provide security; it exists for itself. When it's a dried-out husk the game will move someplace else and you'll STILL have insecure systems.
:~) Maybe it's the longer cycle that contains the Secure Solution. Let the rabid growth and invention phase move past and allow to cool on a window-ledge for a few decades...?

-woof!
-chris