Firewall Wizards mailing list archives
Re: Enterprise Security Management - Dream or reality
From: Iván Arce <core.lists.firewall-wizards () core-sdi com>
Date: 2 Jan 2001 21:03:49 -0300
Hello,

So far I've corresponded with Maddy off the list to prevent what could be seen as a shameless commercial plug for our company's product. But I believe it might be helpful to elaborate a bit on WHY we wrote our own thing.

Also, there are a couple of products that are not included in Maddy's list:

- Unisys Single Point security suite
- Tivoli SecureWay

Now onto the topic...

----- Original Message -----
From: "Talisker" <Talisker () networkintrusion co uk>
Newsgroups: core.lists.firewall-wizards
To: "Maddy" <mwlalex () magix com sg>; "Predrag Zivic" <pzivic () yahoo com>
Cc: "fw-wiz" <firewall-wizards () nfr net>
Sent: Tuesday, January 02, 2001 8:11 PM
Subject: Re: [fw-wiz] Enterprise Security Management - Dream or reality
Maddy [on list]

Is it essential to use just one vendor? Many security products are interoperable these days; this way you can use the best of breed from each category. I missed the original post so I apologise if I've got the wrong end of the stick.
There's exactly the problem that the 'subject' line on Maddy's mail suggests. Many security products *claim* to be interoperable but they are not in the real world, especially if you consider large organizations with complex networks. Although the building blocks for making them work together are present, the effort needed (in terms of money/time and technical expertise) makes the interoperability goal infeasible. That is exactly the problem we (CORE-SDI) faced 2 years ago and that is one of the reasons that led us to write our own product.

The fact is that (as far as I know) NONE of the mentioned products or even suites were designed to work in an integrated fashion, and that means a lot more than having a single management console. Also, it is fairly easy to select best of breed products for certain categories (antivirus, firewalls, IDSes, VPN setups) but it is not so for other categories, and you end up with a bunch of products that are good by themselves but do not provide a blanket/homogeneous solution for the whole corporate network security, especially when that network is comprised of a very heterogeneous set of platforms and applications.

It should be mentioned that the acclaimed security suites are generally a set of point products acquired by big security companies from smaller companies and then wired to work together in a, let's say, not very elegant fashion, OR they are blanket solutions that evolved from products of companies not really dedicated to information security.

Finally, a key aspect of such a solution is maintainability/support or whatever you want to call it. Having several point products integrated is costly, but supposing you've done it, the next problem will be to keep up with whatever the different vendors choose to do with their products and either have new features integrated again or live with outdated versions of them.
Whilst it is easier to have all your security arsenal from the same vendor, some of the products they acquire to make up the "suite" aren't necessarily good at what they do.
Reading this, the term 'security in depth' comes to mind. Surely you don't want something that will replace the security infrastructure already deployed and have your security dependent on one vendor. IMHO the good thing would be to have something that integrates the existing infrastructure, giving you the ability to still use point products for certain things, the things they are good for.
There can be a benefit from having a single reporting console, but from experience I don't like to see HIDS and NIDS output on the same screen, with the exception of router output on the NIDS screen. Therefore, do the NIDS and HIDS need to be from the same vendor? Moreover, if you do need correlation, most NIDS and HIDS etc. feed into their respective databases; you can link the info using cross-table queries.
And for this you will have to spend a lot of time in the painful process of making sense out of the different DB formats and entries in order to unify the output into something meaningful. I've had contact with a group of persons doing exactly that during the past months and I know it is a tiresome and unrewarding process.
There can also be a financial saving in buying from a variety of vendors.
It can as well be exactly the opposite, and that was one of the other reasons for writing our own.

Anyway, I'm not trying to plug anything in particular and purposely didn't mention our own product. I am more interested in the discussion of why ESM is worse or better than best of breed point products, what the pros and cons of each approach are, and how to evaluate an ESM type of solution technically. Then again, perhaps it is OT for firewall-wizards.

-ivan
----- Original Message -----
From: "Maddy" <mwlalex () magix com sg>
To: "Predrag Zivic" <pzivic () yahoo com>
Cc: "fw-wiz" <firewall-wizards () nfr net>
Sent: Saturday, December 30, 2000 4:56 PM
Subject: Re: [fw-wiz] Enterprise Security Management - Dream or reality

Thank you all for responding to my dream security setup. Ok, my list has grown now to:

Definite considerations
1) Pentasafe (Security Manager)
2) Computer Associates (eTrust)
3) Symantec (not sure if there's a single name)

Possible considerations
1) Hewlett Packard (ITO)
2) ISS (haven't checked them out yet)
3) CSS (haven't checked them out yet)
4) [ Create my own software like what Ivan Arce did ] :)

For those who are keen to know the results of our evaluation, feel free to email me and I will share the outcome with you later. I would also welcome and appreciate any further feedback from anyone.

Thanks guys (Ivan, Gary, James, and Predrag), for being so helpful!
---
"Understanding. A cerebral secretion that enables one having it to know a house from a horse by the roof on the house. Its nature and laws have been exhaustively expounded by Locke, who rode a house, and Kant, who lived in a horse." - Ambrose Bierce

==================[ CORE Seguridad de la Informacion S.A. ]=========
Iván Arce
Presidente
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836 B25D 207B E78E 2AD1 F65A
email : iarce () core-sdi com
http://www.core-sdi.com
Florida 141 2do cuerpo Piso 7
C1005AAG Buenos Aires, Argentina.
Tel/Fax : +(54-11) 4331-5402
=====================================================================

--- For a personal reply use iarce () core-sdi com