Firewall Wizards mailing list archives

Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)


From: "Marcus J. Ranum" <mjr () ranum com>
Date: Fri, 26 May 2006 09:24:24 -0400

Frank Pawlak wrote:
I agree that the security industry is all but dead, but what are the 
big financial firms, or perhaps the gov using for security 
systems?

Government security efforts have nearly zero effect on the industry. Because
of the way computing is practiced by the feds, it's largely contractors doing
IT nowadays. The contracting process emphasizes using the usual software
in the usual way - and since the contractors are expected to be working on a
level playing field it's pretty much all just off-the-shelf software. Indeed, in the
90's there was a very strong movement away from custom software for the
federal government, due to some of the monstrously expensive failures of
the late 80's. Unfortunately, what's happened is that government's failure
to do cost-effective program management for custom code has resulted in
the baby being thrown out with the bath water: the entire idea of "custom
code for government applications" is reduced to "only when necessary."
The end result is that the government's systems run pretty much on
the exact same stuff as the private sector, only it's more often out of
date and poorly maintained because of procurement cycles and contracting.
If you have to pay someone else to install Windows for your desktops,
how often do you think it gets updates?

The big commercial firms are an interesting question, though. There's
the ones that are innovating in non-computing fields, and they mostly use
computing in a supporting role. In that environment, there's no need for
innovative use of information technology. But the places where there is
innovation going on - is largely custom code or extremely clever
customizations of existing code. WALMART, Amazon, Ebay, Google,
need I say more? The big financial firms - Wall Street and banking,
supposedly write more code in-house than any other industry in the US,
right now.

Obviously, I'm biassed. :) I know that I believe that the do-it-yourselfers
are the innovators, and the innovators are the ones that break away from
the herd and get things done. It's part of the endlessly repeating cycle,
in which someone has a good idea, writes something that's unique and
cool, and is eventually caught up to and crushed by the moo-ing hordes.
In market analysts' terms an industry is considered "mature" when the
innovators have gone on to do other things and the market is filled
with providers that are offering safe solutions that don't challenge the
herd's comfortable awareness that they're using the same version of
(whatever) that their golfing buddies are using.

mjr. 

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

