IDS mailing list archives

RE: Checkpoint SmartDefense


From: "Dimitrios Patsos" <dpat () space gr>
Date: Thu, 19 May 2005 09:58:29 +0300


Hi Fergus,

Regarding your SmartDefense questions, my experience on this CP feature recommends that:

1) In practice, it supplements the Application Intelligence FW-1 already has. For zero-day attacks, you can never be sure that a "skinny" IPS/IDS solution like SmartDefense will be enough. So far, it has performed pretty well considering the amount of money you spend for a single gateway (which makes SmartDefense a MUST in FW-1 gateways). Spend some time and look for Web Intelligence though, a CP feature that does behavioral-based analysis - not single pattern matching.

2) SmartDefense is just what its name indicates: smart (not intelligent). The intelligence lies on the FW-1 itself. The combination though performs great (and fast!). You can be sure that Check Point will provide you with important updates in time. There are lots of people in CP HQ that deal with maintaining SmartDefense and publishing updates.

3) As with every CP product or service, it is not that difficult to configure and maintain, considering that you know the IT environment very well (so that you do not have to mess with false positives). Spend some time in fine tuning as well.

4) SmartDefense comes as an annual service, so I do not see a reason why it should be different in Interspect. Never tested SmartDefense in Interspect myself.

Regards,

Dimitrios G. Patsos
ΙΤ Security Consultant
===================
SPACE HELLAS S.A.
===================
Email dpat () space gr

-----Original Message-----
From: Fergus Brooks [mailto:fergwa () gmail com] 
Sent: Wednesday, May 18, 2005 2:10 PM
To: focus-ids () securityfocus com
Subject: Checkpoint SmartDefense

Hi all,

I am getting some mixed messages regarding this feature. 

1) Does it detect zero day attacks in real time and recommend/implement remediation?

2) How intelligent is it?

3) Is it difficult to configure & maintain?

4) Is this feature different on the Interspect and standard FW-1 boxes?


Any comments and real world examples greatly appreciated!

Thanks & regards.

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------



