Re: State of security technology for the enterprise

["miedaner" <miedaner () twcny rr com>]

The underlying architecture is very important to providing control.

Build in security zones, dmz, transit, low to high zones.

> From layer 1-7 as you move from low to high zones controls should increase
and each zone should be setup to detect problems.

Less is more, permit few, deny all.

You can buy all the gadgets you want but in the arms race that has been
occuring for as long as I can remember, you will never ever be ahead of the
enemy, or clueless user, unless you don't allow it by default.
  That being said my experience

  Cisco is weak

  Love Netscreen/Juniper

  ISS is expensive and since IBM took them over is getting weaker

  Palo Alto seems promising

  Sidewinder is good

  DPI is a marketing term to me

   -----Original Message-----
  From: firewall-wizards-bounces () listserv icsalabs com
[mailto:firewall-wizards-bounces () listserv icsalabs com]On Behalf Of Chris
Hughes
  Sent: Wednesday, April 29, 2009 9:31 AM
  To: firewall-wizards () listserv icsalabs com
  Subject: [fw-wiz] State of security technology for the enterprise


  Hello all.



  I am currently developing a strategy for evolving the security for my
enterprise network.  Currently I protect the core network (servers and
services) and internet with inline sensors, use HIDS on all client machines
(which performs event correlation with the inline sensors) content
filtering, use of AV on all hosts, SSL and IPSec VPN and spamfiltering on
the edge.



  In reviewing the latest offerings I see that there are new and potentially
immature technologies that may be the direction I need to look.  These
include:



  DPI (deep packet inspection) firewalls

  Content filtering on the firewall

  SSL proxying with decryption for filtering abuse and data leak

  DLP - related to ssl filtering but with the addition of protecting data at
rest from leaving the network.

  VMWARE/Hypervisor sensors to protect my virtual infrastructure



  The vendors offerings I am reviewing include:



  Cisco

  ISS

  Juniper

  Fortinet

  Palo Alto



  If I omitted serious contenders from my list please bring them to my
attention.  I also have a feature matrix I am willing to share if anyone is
interested.



  Cisco has point product solutions for the most part but Juniper, Palo Alto
and Fortinet are combining some of the new abilities into a single
appliance.



  I am looking for conversation on the newer technologies as well as
thoughts of combining them on a single albeit clustered/HA appliance versus
separate solutions for each function.  Another thing I wrestle with is
single vendor solutions versus hybrid solution that offers some dioversity
and a system of checks and balances.



  Of particular interest is DPI.  From what I read this will be a major
advance that really grants security admins control at the firewall that they
never had before.



  Please share your thoughts.



  Thanks

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards