IDS mailing list archives
RE: Checkpoint SmartDefense
From: "Dimitrios Patsos" <dpat () space gr>
Date: Thu, 19 May 2005 09:58:29 +0300
Hi Fergus, Regarding your SmartDefense questions, my experience on this CP feature recommends that: 1) in practice, it supplements the Application Intelligence FW-1 already has. For zero-day attacks, you can never be sure that a "skinny" IPS/IDS solution like SmartDefense will be enough. So far, it has performed pretty good considering the amount of money you spend for a single gateway (which make SmartDefense a MUST in FW-1 gateways). Spend some time and look for Web Intelligence though, a CP feature that does behavioral-based analysis - not single pattern matching. 2) SmartDefense is just what its name indicates: smart (not intelligent). The intelligence lies on the FW-1 itself. The combination though performs great (and fast!). You can be sure that Check Point will provide you with important updates in time. There are lots of people in CP HQ that deals with maintaining SmartDefense and publishing updates. 3) As every CP product or service, it is not that difficult to configure and maintain, considering that you know the IT environment very good (so that you do not have to mess with false positives). Spend some time in fine tuning as well. 4) SmartDefense comes as an annual service, so I do not see a reason why it should be different in Interspect. Never tested SmartDefense in Interspect myself. Regards, Dimitrios G. Patsos ΙΤ Security Consultant =================== SPACE HELLAS S.A. =================== Email dpat () space gr -----Original Message----- From: Fergus Brooks [mailto:fergwa () gmail com] Sent: Wednesday, May 18, 2005 2:10 PM To: focus-ids () securityfocus com Subject: Checkpoint SmartDefense Hi all, I am getting some mixed messages regarding this feature. 1) Does it detect zero day attacks in real time and recommend/implement remediation 2) How intelligent is it? 3) Is it difficult to configure & maintain? 4) Is this feature different on the Interspect and standard FW-1 boxes Any comments and real world examples greatly appreciated! Thanks & regards. -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. -------------------------------------------------------------------------- -------------------------------------------------------------------------- Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. --------------------------------------------------------------------------
Current thread:
- Checkpoint SmartDefense Fergus Brooks (May 18)
- RE: Checkpoint SmartDefense Net Shark (May 19)
- RE: Checkpoint SmartDefense Dimitrios Patsos (May 19)
- <Possible follow-ups>
- RE: Checkpoint SmartDefense Ofer Shezaf (May 19)
- RE: Checkpoint SmartDefense THolman (May 19)
- RE: Checkpoint SmartDefense charles . fasching (May 24)
- RE: Checkpoint SmartDefense THolman (May 28)