IDS mailing list archives
RE: IDS, IPS or just rubbish
From: "Andrew Plato" <aplato () anitian com>
Date: Wed, 25 Jun 2003 18:36:38 -0700
Checkpoint are pushing this patch to NG FP3 FW-1 as an all-in-one solution whereby you wouldn't need an IDS as well as a firewall. In Hong Kong they have over 70% of the firewall market - their market penetration is similar worldwide - in order to gain competitive advantage they are trying to crush the IDS/IPS market. Maybe they've been partying with Gartner.
They're just doing what a lot of vendors are. Retooling their products to be competitive against IPS technologies. No harm in that. But, it does sound like there is a lot of BS in this IPS pitch from them.
Their big push is that they are doing application-layer stuff now which anyone who knows firewalls will know is what Sidewinder, Gauntlet and Axent (Symantec) have been doing for years.
Actually, so has WatchGuard. I have come to LOVE the WatchGuard SMTP proxy, because it can dump all nasty attachments and filter out some spam. The fact that CP is claiming they were first does seem disingenuous.
They kept telling me about SQL Slammer and how this solution will stop it. What utter crap. Can anyone on this list tell me of a signature-based IDS which picked Slammer up in the 2-odd hours it needed to propagate?
ISS RealSecure, Symantec ManHunt, NFR, and Cisco IDS all had signatures on the day Slammer hit. ISS had a signature about 3 months before Slammer.
There has been a lot of discussion here about the future of IDS - I think I've seen Checkpoint's vision ....... Treat us all like fools. Zero-day detection my ****.
I think you're being a little harsh on IPS. Although from the sound of it, CheckPoint's answer to IPS sounds kind of weak. I've had IPSs running in my network for 3 years, and they can be a real asset when some new attack comes out. My Guard box does a very nice job of killing all the Code Reds, and variants of it. Don't give up on IPS yet.
<sales> If you have time, give RealSecure Guard, TopLayer's Attack Mitigator, or NAI's IntruVert a try. These are outstanding technologies that really can offer significant improvement in stopping known and new attacks. And they aren't some weak little add-on to another technology. They're ground-up IPS technologies. </sales>
___________________________________
Andrew Plato, CISSP
President / Principal Consultant
Anitian Corporation
Enterprise Security & Infrastructure Solutions
503-644-5656 Office
503-644-8574 Fax
503-201-0821 Mobile
www.anitian.com
___________________________________