Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)

From: Frank Pawlak <fpawlak () wi rr com>
Date: Thu, 25 May 2006 20:12:49 -0500
Marcus,

I agree that the security industry is all but dead, but what are the 
big financial firms, or perhaps the gov using for security 
systems.   Yeah I know about the VA and what they stupidly did who 
really knows how long ago.  How about Amazon.com?  Or has this all 
gotten down to net admin and management?

Regards,
Frank

At 07:24 PM 5/25/2006, Marcus J. Ranum wrote:

Robert A Beken wrote:

I have a question for the group about this new trend of using a single
firewall for all IDS and Firewall related tasks in an integrated box for
enterprise organizations (not SOHO).  I personally think it's a bad idea
and lacks flexibility in configuration and  "defense in depth" posture
towards security.  What are other people's thoughts?



I think it's going to happen no matter what anyone wants. Because
the security market is consolidating into 2 types of companies:
- single solution VC-backed start-ups chasing the hot topic du jour
- huge mega corporations that don't actually develop anything and
        simply buy and integrate technologies to a greater or lesser
        degree

My guess is that that VCs would split a rib laughing if someone came
to them with a business plan for a new firewall company. :) So the
funding for the established security technologies is going to dry up
which means that the big companies have commoditized it and
the standalone players have to either sell out or go out of business.
Basically, 'best of breed' only survives in a market that has not
stabilized yet, and security has stabilized to the point where, basically,
it's just marketing weasels coming up with cool new names for proxies,
packet filtering, and signature matching.

I agree with you that best of breed and defense in depth make a great
deal of sense but the commercial security market will likely not supporta
vibrant vendor-base much longer. Indeed, my guess is that security,
as a market separate from network infrastructure/management and
system administration is not likely to last another 10 years. If you
look at the current trends, it may even happen that the security market
will be mostly gone in 5. Once the big players have absorbed enough
basic security features they'll be able to suck the oxygen away from the
remaining small players by offering those features as freebie option-ons
and it's "game over, man."

By the way, NONE of this will result in the end users having usable
and effective security. Remember, the security market does not exist
to provide security; it exists for itself. When it's a dried-out husk the
game will move someplace else and you'll STILL have insecure
systems.

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: