Firewall Wizards mailing list archives
Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
From: Frank Pawlak <fpawlak () wi rr com>
Date: Thu, 25 May 2006 20:12:49 -0500
Marcus, I agree that the security industry is all but dead, but what are the big financial firms, or perhaps the gov using for security systems. Yeah I know about the VA and what they stupidly did who really knows how long ago. How about Amazon.com? Or has this all gotten down to net admin and management? Regards, Frank At 07:24 PM 5/25/2006, Marcus J. Ranum wrote:
Robert A Beken wrote:I have a question for the group about this new trend of using a single firewall for all IDS and Firewall related tasks in an integrated box for enterprise organizations (not SOHO). I personally think it's a bad idea and lacks flexibility in configuration and "defense in depth" posture towards security. What are other people's thoughts?I think it's going to happen no matter what anyone wants. Because the security market is consolidating into 2 types of companies: - single solution VC-backed start-ups chasing the hot topic du jour - huge mega corporations that don't actually develop anything and simply buy and integrate technologies to a greater or lesser degree My guess is that that VCs would split a rib laughing if someone came to them with a business plan for a new firewall company. :) So the funding for the established security technologies is going to dry up which means that the big companies have commoditized it and the standalone players have to either sell out or go out of business. Basically, 'best of breed' only survives in a market that has not stabilized yet, and security has stabilized to the point where, basically, it's just marketing weasels coming up with cool new names for proxies, packet filtering, and signature matching. I agree with you that best of breed and defense in depth make a great deal of sense but the commercial security market will likely not supporta vibrant vendor-base much longer. Indeed, my guess is that security, as a market separate from network infrastructure/management and system administration is not likely to last another 10 years. If you look at the current trends, it may even happen that the security market will be mostly gone in 5. Once the big players have absorbed enough basic security features they'll be able to suck the oxygen away from the remaining small players by offering those features as freebie option-ons and it's "game over, man." By the way, NONE of this will result in the end users having usable and effective security. Remember, the security market does not exist to provide security; it exists for itself. When it's a dried-out husk the game will move someplace else and you'll STILL have insecure systems. mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG), (continued)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) R. Rocky (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Johann_van_Duyn (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) sushil menon (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Paul D. Robertson (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) ArkanoiD (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) sushil menon (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Dave Piscitello (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) ArkanoiD (May 25)
- Message not available
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) George Capehart (May 25)
- Message not available
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Marcus J. Ranum (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Frank Pawlak (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Jim Seymour (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Frank Pawlak (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Marcus J. Ranum (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Carson Gaspar (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Marcus J. Ranum (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) sushil menon (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) sushil menon (May 27)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 28)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) ArkanoiD (May 30)