RE: IPS, alternative solutions

["Murtland, Jerry" <MurtlandJ () Grangeinsurance com>]

I've been reviewing options for Network Admission Control as well to ensure
consistency of approved applications and disallowing unapproved applications
and the other inherent sanity checks such as patching, .dats, etc.  The two
that I've seen so far that best addresses the issues are Sygate and ZoneLabs
(same or not).  Cisco has their SA product and we are looking into that
also.  I'm interested to learn what options you are looking at and what your
opinion is on those solutions.

Jerry J. Murtland, CISSP



-----Original Message-----
From: Jason Haar [mailto:Jason.Haar () trimble co nz]
Sent: Wednesday, September 15, 2004 9:09 PM
To: focus-ids () securityfocus com
Subject: Re: IPS, alternative solutions


On Wed, Sep 15, 2004 at 03:47:28PM -0400, Jason wrote:
> I would be seriously interested in an ROI that can demonstrate savings.
>
> The simple question is how is inline packet scrubbing easier and more 
> cost effective than patching?

It isn't.

I think the business community is starting to realise that in this Microsoft
dominated world, we can no longer exclusively rely on "external"
infrastructure like firewalls and NIDS to protect our machines - we have to
make our machines more secure.

The advent of Windows Updates and SUS are signs that Microsoft is listening
and learning. Of course I could rant on at length about the *culture* of
Windows being the much harder nut to crack (local admin privs anyone?), but
it's moving in the right direction.

Firewalls and NIDS are obviously good to have (required isn't probably too
strong a word), but once you have a good, working and productive "network
protection" infrastructure in place, your security gaze rightfully falls
back on those darn Windows boxes again...

In the medium term our company going down the Network Admission Control
route:
don't allow a machine onto the corporate network unless it has been VETOED
by the network as being patched, up to date, etc. Interestingly, this
"network solution" reinforces my point - it's all about bring consistency
and security standards to the end-user PC...

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to
learn more.
--------------------------------------------------------------------------

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------