Firewall Wizards mailing list archives
Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Fri, 26 May 2006 09:24:24 -0400
Frank Pawlak wrote:
I agree that the security industry is all but dead, but what are the big financial firms, or perhaps the gov using for security systems.
Government security efforts have nearly zero effect on the industry. Because of the way computing is practiced by the feds, it's largely contractors doing IT nowadays. The contracting process emphasizes using the usual software in the usual way - and since the contractors are expected to be working on a level playing field it's pretty much all just off-the-shelf software. Indeed, in the 90's there was a very strong movement away from custom software for the federal government, due to some of the monstrously expensive failures of the late 80's. Unfortunately, what's happened is that government's failure to do cost-effective program management for custom code has resulted in the baby being thrown out with the bath water: the entire idea of "custom code for government applications" is reduced to "only when necessary." The end result is that the government's systems run pretty much on the exact same stuff as the private sector, only it's more often out of date and poorly maintained because of procurement cycles and contracting. If you have to pay someone else to install Windows for your desktops, how often do you think it gets updates? The big commercial firms are an interesting question, though. There's the ones that are innovating in non-computing fields, and they mostly use computing in a supporting role. In that environment, there's no need for innovative use of information technology. But the places where there is innovation going on - is largely custom code or extremely clever customizations of existing code. WALMART, Amazon, Ebay, Google, need I say more? The big financial firms - Wall Street and banking, supposedly write more code in-house than any other industry in the US, right now. Obviously, I'm biassed. :) I know that I believe that the do-it-yourselfers are the innovators, and the innovators are the ones that break away from the herd and get things done. It's part of the endlessly repeating cycle, in which someone has a good idea, writes something that's unique and cool, and is eventually caught up to and crushed by the moo-ing hordes. In market analysts' terms an industry is considered "mature" when the innovators have gone on to do other things and the market is filled with providers that are offering safe solutions that don't challenge the herd's comfortable awareness that their using the same version of (whatever) that their golfing buddies are using. mjr. _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG), (continued)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Paul D. Robertson (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) ArkanoiD (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Dave Piscitello (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) ArkanoiD (May 25)
- Message not available
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) George Capehart (May 25)
- Message not available
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Marcus J. Ranum (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Frank Pawlak (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Jim Seymour (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Frank Pawlak (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Marcus J. Ranum (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Carson Gaspar (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Marcus J. Ranum (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 25)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) sushil menon (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) sushil menon (May 27)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 28)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) ArkanoiD (May 30)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Marcus J. Ranum (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Chris Blask (May 26)
- Re: Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG) Oliver Humpage (May 28)