Firewall Wizards mailing list archives
Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Mon, 12 Aug 2002 19:53:14 -0400
Crispin Cowan wrote:
Is anyone besides me sick to death of hearing about "intrusion prevention" and "gateway intrusion detection" technologies?
It doesn't bother me. :) It's just marketing idiots doing thier thing. I can tell you _exactly_ how it happened. Some company builds a useful IDS/Firewall thingum and one of their marketing idiots says "I KNOW! Rather than compete on feature comparisons, quality, and price, let's DEFINE A NEW CATEGORY OF THE MARKET and then we won't have any competitors and our investors/shareholders will be impressed and nobody will ask us 'is Checkpoint going to eat your lunch?'!!!" And sometimes it works if they pay the Gartner/Giga/etc researchers off enough to spin it as a separate category and list them as visionaries. During the Internet Bubble most companies changed their focus from being technology companies that market to technical folks. Now they are technology companies that market to unsophisticated end users, analysts, and stock pickers - a non-technical constituency that is impressed by big fancy sounding stuff. Why have a hammer when you can have an "inertially compensated enhanced linear impact generator"!!! Hey! That's a whole new market segment waiting to be explored!!!
To me, this is a firewall.
Actually: IDS VPN routers honeypots Firewalls URL filters boundary antivirus caching proxies are all the same thing, from a sufficiently high level. There are feature sets that many of these have in common (signatures, logging, filtering, alert processing, data decoding, protocol decoding, deception) etc that could easily integrate into a single box. A commercial entity would have a hard sell doing so, unless they were adequately funded to develop and market a technology that competed with, basically, the entire security products market.* Doing it right (so it'd be fast and efficient) would mean building the complete system from scratch so the components would work together smoothly: you couldn't build it by buying one of each and glueing them together. So, yes, the "intrusion prevention" products are really just antivirus shims, firewall shims, and some IDS protocol decoding and logic. As you say, that doesn't make it bad. It's just the marketing idiots that bug you. That just shows that you're normal, and have a working brain. ;) mjr. (* except for the PKI guys but nobody cares about them anymore) --- Marcus J. Ranum http://www.ranum.com Computer and Communications Security mjr () ranum com _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- GIDS, Intrusion Prevention: A Firewall by Any Other Name Crispin Cowan (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Paul D. Robertson (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Ryan Russell (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Frank Knobbe (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Ryan Russell (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Barney Wolff (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Crispin Cowan (Aug 13)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name B. Scott Harroff (Aug 13)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Frank Knobbe (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Marcus J. Ranum (Aug 12)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Crispin Cowan (Aug 13)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Iván Arce (Aug 13)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Marcus J. Ranum (Aug 14)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Mikael Olsson (Aug 14)
- RE: GIDS, Intrusion Prevention: A Firewall by Any Other Name Ofir Arkin (Aug 16)
- RE: GIDS, Intrusion Prevention: A Firewall by Any Other Name Marcus J. Ranum (Aug 17)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Crispin Cowan (Aug 17)
- RE: GIDS, Intrusion Prevention: A Firewall by Any Other Name Ofir Arkin (Aug 17)
- Re: GIDS, Intrusion Prevention: A Firewall by Any Other Name Marcus J. Ranum (Aug 12)