IDS mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How to choose an IDS/FW MSS provider

From: "David W. Goodrum" <dgoodrum () nfr com>
Date: Fri, 11 Mar 2005 10:14:23 -0500
What looks good with ISS, MSS Dept is that you have somehow the X-Force support http://xfoce.iss.net ; as far as I know and tell me if I am wrong, ISS is the only security provider having an R&D dept which is the X-Force team.
If you mean that ISS is the only company doing R&D I'd have to disagree, plenty of other competent vendors out there are doing R&D.
Also, my question was about how to choose an IDS *AND* FW firewall. I know I am a bit out of the topic of this mailing-list but you can be good at IDS and maybe bad at firewalls which are much more complex through.
Many IDS vendors are integrating Firewalls into their product, just like Firewall vendors are trying to catch up on the Layer 7 analysis. Both types of technologies are coming tgether to some degree. We've actually embedded pf (freebsd's firewall) into our product now. The difference really will be WHERE you want to deploy and what your requirements are. For example, most companies with IPS products (such as ISS, NFR, etc), are generally implemented in a "bridging" mode. i.e. even though they are doing firewalling, they are still invisible to the network and don't require changes to the network architecture to implement them. Bridging firewalls are probably not what you want on the perimeter, and so you should look to a more traditional firewall. Traditional firewalls are not invisible, meaning they can do more traditional firewall roles including NAT, routing, and other fun stuff. The downside there is that they are also exposed to attack. What I'm getting at is that Defense in Depth still applies, even though these two technologies seem to be coming together rather quickly. If you deploy a true routing firewall on your perimeter, you should protect it with an invisible IPS product (there have been plenty of cases of routing firewalls being compromised). Internally, when you create your quarantine areas, most organizations don't require advanced firewalling features such as NAT and routing. In those cases, it might be a good fit for a bridging firewall (like today's IPS vendors). 

Does anybody care about best of breed anymore?
PS: and once again, ISS is in the gane for 10 long years. What about the competitors? 


NFR was founded in 1996 and still chugging away.  ;)


Thanks,

Stephane
-------------------------------------------------------------------------- 
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- 



--
David W. Goodrum
Senior Systems Engineer
NFR Security
703.731.3765


--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. 
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: