Firewall Wizards mailing list archives

Re: State of security technology for the enterprise


From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 30 Apr 2009 17:06:52 -0400 (EDT)

On Thu, 30 Apr 2009, Chris Hughes wrote:

> "mainstream" as missing the mark.  The problem is, on an enterprise level,
> most companies are not willing to look at open source solutions or vendors
> they have never heard of.  They want brand names that can be supported by a
> wide audience of engineers.

I've never seen that level of reluctance at any large enterprise I've 
worked or consulted for.  In fact, in these economic times, "it's free" is 
a lot more palatable than "you need to spend $10,000."  I'd gently suggest 
that the security "sale" for the requirement isn't being done well enough 
if you can't choose best of breed open source tools- especially if the 
argument is "wide audience of engineers."  If your "wide audience" is 
that narrowly focused, then I'd suggest removing the term "engineer" from 
their titles and substituting "monkeys!"

> My purpose was not to offend you or become viewed as ignorant.  My purpose
> is to solicit opinions on these technologies which appear to me and the
> folks I deal with as "new".  I will look at IBM's offering as you suggest.

"Deep packet inspection" has been on the market as such for a number of 
years as the challengers to "stateful packet inspection" looked for their 
own marketing term.  The "problem" with DPI is that to do it right, you 
basically have to mimic the fragmentation, ordering and reassembly of an 
IP stack, then know what to look for as "bad"- by the time you've written 
all of that, you may as well have written a real proxy where you know the 
effects of that and you've got a mature implementation that's been in the 
field for years- so the code bugs are hopefully already addressed.  We've 
all seen how well proxies adapted to "new" stuff, and DPI has had the same 
set of issues- the problem isn't so much the buzzword as the amount of 
work necessary to do a good job coupled with the brain-deadedness of most 
application protocols (security is not addressed in this document...)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
           Moderator: Firewall-Wizards mailing list
           Art: http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
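
The point in the message above about DPI having to mimic an IP stack's ordering and reassembly, as an added example that is not part of the original post: a matcher that inspects each payload alone misses a pattern that only exists once the segments are put back in order. The pattern, segment layout and function names are constructed for illustration.

```python
"""Per-packet matching versus matching after reassembly (constructed data)."""

PATTERN = b"BLOCKED-KEYWORD"  # constructed signature, not a real rule

# Constructed sample: one request split into three segments as (offset, payload),
# listed in arrival order, with the middle segment arriving last.
SAMPLE = [
    (0, b"GET /BLOC"),
    (17, b"ORD HTTP/1.0\r\n"),
    (9, b"KED-KEYW"),
]


def match_per_packet(segments, pattern=PATTERN):
    """Naive inspection: test each payload on its own, in arrival order."""
    return any(pattern in payload for _, payload in segments)


def reassemble(segments):
    """Rebuild the in-order byte stream from offset 0.

    Returns (stream, pending): the contiguous bytes available so far and the
    number of bytes still buffered behind a gap. A retransmitted byte keeps
    its first copy here (an assumption; a real inspector has to follow the
    policy of the stack it protects).
    """
    data = {}
    for offset, payload in segments:
        for i, byte in enumerate(payload):
            data.setdefault(offset + i, byte)
    stream = bytearray()
    while len(stream) in data:
        stream.append(data[len(stream)])
    return bytes(stream), len(data) - len(stream)


def match_reassembled(segments, pattern=PATTERN):
    """Inspect only the bytes the receiving application would actually see."""
    stream, _pending = reassemble(segments)
    return pattern in stream


if __name__ == "__main__":
    print("per-packet match: ", match_per_packet(SAMPLE))
    print("reassembled match:", match_reassembled(SAMPLE))
    print("with a segment missing:", reassemble(SAMPLE[:2]))
```

A non-zero pending count means the inspector is holding bytes it cannot yet judge, which is the buffering and state cost the message attributes to doing DPI properly.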

