Firewall Wizards mailing list archives
Re: State of security technology for the enterprise
From: ArkanoiD <ark () eltex net>
Date: Thu, 30 Apr 2009 00:23:27 +0400
You are kidding calling those technologies "new"? Actually we do need something new. Think entitlement management, role-based access control, data flow tracking, emdedded security tokens, OWASP frameworks, XML filtering etc. At least document fingerprinting and discovery as poor man's solution. And configuration management and endpoint security solutions (not just "AV"!) for sure. We all are going nowere because we are stuck into our old toys - DPI, IDS, AV, VPN etc and actually have no idea how data flow *should* be managed - and you are afraid of "potentialy immature technologies"? God damn, everything you list is old as mammoth's fossilized crap! Well, have a look at IBM's Datapower at least - much of your data flow is XML, right? And forget that Cisco makes "firewalls". Those are not worth their power supply units. On Wed, Apr 29, 2009 at 09:30:47AM -0400, Chris Hughes wrote:
Hello all. I am currently developing a strategy for evolving the security for my enterprise network. Currently I protect the core network (servers and services) and internet with inline sensors, use HIDS on all client machines (which performs event correlation with the inline sensors) content filtering, use of AV on all hosts, SSL and IPSec VPN and spamfiltering on the edge. In reviewing the latest offerings I see that there are new and potentially immature technologies that may be the direction I need to look. These include: DPI (deep packet inspection) firewalls Content filtering on the firewall SSL proxying with decryption for filtering abuse and data leak DLP - related to ssl filtering but with the addition of protecting data at rest from leaving the network. VMWARE/Hypervisor sensors to protect my virtual infrastructure The vendors offerings I am reviewing include: Cisco ISS Juniper Fortinet Palo Alto If I omitted serious contenders from my list please bring them to my attention. I also have a feature matrix I am willing to share if anyone is interested. Cisco has point product solutions for the most part but Juniper, Palo Alto and Fortinet are combining some of the new abilities into a single appliance. I am looking for conversation on the newer technologies as well as thoughts of combining them on a single albeit clustered/HA appliance versus separate solutions for each function. Another thing I wrestle with is single vendor solutions versus hybrid solution that offers some dioversity and a system of checks and balances. Of particular interest is DPI. From what I read this will be a major advance that really grants security admins control at the firewall that they never had before. Please share your thoughts. Thanks email protected and scanned by AdvascanTM - keeping email useful - www.advascan.com
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- State of security technology for the enterprise Chris Hughes (Apr 29)
- Re: State of security technology for the enterprise ArkanoiD (Apr 29)
- Re: State of security technology for the enterprise miedaner (Apr 29)
- Re: State of security technology for the enterprise Marcin Antkiewicz (Apr 30)
- <Possible follow-ups>
- Re: State of security technology for the enterprise Chris Hughes (Apr 30)
- Re: State of security technology for the enterprise Paul D. Robertson (Apr 30)
- Re: State of security technology for the enterprise Marcus J. Ranum (Apr 30)
- Re: State of security technology for the enterprise Paul D. Robertson (Apr 30)
- Re: State of security technology for the enterprise Brian Loe (Apr 30)
- Re: State of security technology for the enterprise Paul D. Robertson (Apr 30)
- Re: State of security technology for the enterprise Paul D. Robertson (Apr 30)