IDS mailing list archives

Re: Checkpoints Smartdefense as an IPS


From: Tommy May <tommymay () comcast net>
Date: Tue, 28 Apr 2009 15:59:30 +0000 (UTC)

I haven't dealt with SmartDefense for a long time - but when I did, the advantage was that there was no political 
battle to fight for getting another device to go inline of traffic - as folks are already accustomed to having the 
firewall there inspecting traffic, to some degree.

The disadvantage (from my perspective only at the time) was that the individual tuning parameters were not extremely 
granular... so when there were false positives triggered for blocking, it was 'an all or nothing' remediation required 
to address the issue - i.e. turn the signature off altogether.

So - in a practical sense, it comes down to requirements.  If it is simply to address an 'audit or compliance 
checkmark' requirement, then something like SmartDefense was fantastic for an enterprise that had already deployed 
Checkpoint as a firewall and was well used to administering and maintaining the solution.  However, to achieve real 
detective vigilance I would recommend augmenting the solution with passive IDS at key monitoring points.  In my 
experience, you will rarely get a specific directive from anyone in the enterprise that will clarify this for you - you 
sort of have to get a gut feel.

Sorry for the 'gray' answer, but that's simply my opinion based on what I have seen.  :)

(Also, please note that I haven't dealt with Checkpoint now in several years, so there may have been significant 
advancements made to SmartDefense's tunability since then)

Hope this helps...

Tommy


----- Original Message -----
From: "a bv" <vbavbalist () gmail com>
To: focus-ids () securityfocus com
Sent: Tuesday, April 28, 2009 4:00:52 AM GMT -05:00 US/Canada Eastern
Subject: Checkpoints Smartdefense as an IPS

Hi list,

I want to ask the list for its opinion on Checkpoint's SmartDefense. For
past and current users, how adequate/successful do you find it as
an IPS for your enterprise? Do you use an additional IDS/IPS? If so, for what
purposes, and to monitor which segments/parts of your infrastructure?
And how do you deploy and manage SmartDefense?

Regards
