Firewall Wizards mailing list archives
Re: State of security technology for the enterprise
From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 30 Apr 2009 17:06:52 -0400 (EDT)
On Thu, 30 Apr 2009, Chris Hughes wrote:
"mainstream" as missing the mark. The problem is, on an enterprise level, most companies are not willing to look at open source solutions or vendors they have never heard of. They want brand names that can be supported by a wide audience of engineers.
I've never seen that level of reluctance at any large enterprise I've worked or consulted for. In fact, in these economic times, "it's free" is a lot more palatable than "you need to spend $10,000." I'd gently suggest that the security "sale" for the requirement isn't being done well enough if you can't choose best of breed open source tools- especially if the argument is "wide audeience of engineers." If your "wide audience" is that narrowly focused, then I'd suggest removing the term "engineer" from their titles and substituting "monkeys!"
My purpose was not to offend you or become viewed as ignorant. My purpose is to solicit opinions on these technologies which appear to me and the folks I deal with as "new". I will look at IBM's offering as you suggest.
"Deep packet inspection" has been on the market as such for a number of years as the challengers to "stateful packet inspection" looked for their own marketing term. The "problem" with DPI is that to do it right, you basically have to mimic the fragmentation, ordering and reassembly of an IP stack, then know what to look for as "bad"- by the time you've written all of that, you may as well have written a real proxy where you know the effects of that and you've got a mature implementation that's been in the field for years- so the code bugs are hopefully already addressed. We've all seen how well proxies adapted to "new" stuff, and DPI has had the same set of issues- the problem isn't so much the buzzword as the amount of work necessary to do a good job coupled with the brain-deadedness of most application protocols (security is not addressed in this document...) Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." Moderator: Firewall-Wizards mailing list Art: http://PaulDRobertson.imagekind.com/ _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- State of security technology for the enterprise Chris Hughes (Apr 29)
- Re: State of security technology for the enterprise ArkanoiD (Apr 29)
- Re: State of security technology for the enterprise miedaner (Apr 29)
- Re: State of security technology for the enterprise Marcin Antkiewicz (Apr 30)
- <Possible follow-ups>
- Re: State of security technology for the enterprise Chris Hughes (Apr 30)
- Re: State of security technology for the enterprise Paul D. Robertson (Apr 30)
- Re: State of security technology for the enterprise Marcus J. Ranum (Apr 30)
- Re: State of security technology for the enterprise Paul D. Robertson (Apr 30)
- Re: State of security technology for the enterprise Brian Loe (Apr 30)
- Re: State of security technology for the enterprise Paul D. Robertson (Apr 30)
- Re: State of security technology for the enterprise Paul D. Robertson (Apr 30)