RE: IPS (was: [fw-wiz] Sources for Extranet Designs?)

From: Chris Blask (chris_at_protegonetworks.com)
Date: 02/26/04

  • Next message: Stiennon,Richard: "RE: IPS (was: [fw-wiz] Sources for Extranet Designs?)"
    To: Ben Nagy <ben@iagu.net>
    Date: Thu, 26 Feb 2004 05:23:11 -0800 (PST)
    
    

    Quoting Ben Nagy <ben@iagu.net>:
    >
    > Can I just jump in and ask what _exactly_ people think "IPS" means? I
    > know I'm asking for a definition debate and we've all seen a bunch of those
    > over the years, but I'm concerned that the "buzzword" factor has led to
    > compression in terms of vocab.

    > I don't see the basic "attach an IDS to a firewall and have the firewall
    > do stuff based on signatures" concept as amazingly useful (my personal
    > opinion). However lots of companies are producing stuff which they are
    > also calling IPS (us included; consider that a disclaimer).

    Hi Ben,

    [us too included; consider that a disclaimer: though we don't really call it
    IPS and we don't bump-on-wire (picture an AWACS plane flying over the
    battlefield) - we are essentially a rollup of IPS and SIM - we leverage the
    switched fabric to cut off attacks].

    (IMHO) Appliance IPS = new-bump-on-wire. Evolved FW/IDS appliances which are
    intelligent enough to stop an attack they are capable of recognizing (seems to
    be the standard working def'n). FW with a level of adaptability beyond what
    we might be used to with FWs.

    A broader def'n of IPS would seem to roll up every comprehensive system
    including a Managed Service or good SOC... The "Cisco Self Defending Network"
    would be an IPS under that def'n. Too broad a def'n to serve any purpose.

    My standing explanation for the appliance IPS market is that folks want *so*
    badly to take action against an attack - and SIM vendors have so fully failed
    to provide any of that - that the market has said "If I can't have a holistic
    Attack Response that can ID and stop attacks to my network, at the very
    flippin' least I'll buy a box which can stop attacks on this piece of wire."

    All goodness as far as we're concerned - deploying troops on the ground never
    hurts - but as far as the new appliance IPS products, I have my doubts as to
    whether a whole new shell of boxes scattered throughout a network with their
    associated support infrastructures is really viable. We may see a survivor or
    two, but I'd put my chips on the existing FW players.

    Host IPS is definitely a good thing (why not?).

    -woof!

    -chris

    Chris Blask
    Vice President, Business Development
    Protego Networks Inc.

    (1) 416 358 9885 - Direct
    (1) 408 262 5220 - HQ
    (1) 408 262 5280 - Fax

    blask@protegonetworks.com
    www.protegonetworks.com

    "The first purpose-built appliance for Real-Time Security Threat Mitigation"
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

