Re: [fw-wiz] Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)



Marcus,

I agree that the security industry is all but dead, but what are the
big financial firms, or perhaps the gov using for security
systems. Yeah I know about the VA and what they stupidly did who
really knows how long ago. How about Amazon.com? Or has this all
gotten down to net admin and management?

Regards,
Frank

At 07:24 PM 5/25/2006, Marcus J. Ranum wrote:
Robert A Beken wrote:
I have a question for the group about this new trend of using a single
firewall for all IDS and Firewall related tasks in an integrated box for
enterprise organizations (not SOHO). I personally think it's a bad idea
and lacks flexibility in configuration and "defense in depth" posture
towards security. What are other people's thoughts?


I think it's going to happen no matter what anyone wants. Because
the security market is consolidating into 2 types of companies:
- single solution VC-backed start-ups chasing the hot topic du jour
- huge mega corporations that don't actually develop anything and
simply buy and integrate technologies to a greater or lesser
degree

My guess is that that VCs would split a rib laughing if someone came
to them with a business plan for a new firewall company. :) So the
funding for the established security technologies is going to dry up
which means that the big companies have commoditized it and
the standalone players have to either sell out or go out of business.
Basically, 'best of breed' only survives in a market that has not
stabilized yet, and security has stabilized to the point where, basically,
it's just marketing weasels coming up with cool new names for proxies,
packet filtering, and signature matching.

I agree with you that best of breed and defense in depth make a great
deal of sense but the commercial security market will likely not supporta
vibrant vendor-base much longer. Indeed, my guess is that security,
as a market separate from network infrastructure/management and
system administration is not likely to last another 10 years. If you
look at the current trends, it may even happen that the security market
will be mostly gone in 5. Once the big players have absorbed enough
basic security features they'll be able to suck the oxygen away from the
remaining small players by offering those features as freebie option-ons
and it's "game over, man."

By the way, NONE of this will result in the end users having usable
and effective security. Remember, the security market does not exist
to provide security; it exists for itself. When it's a dried-out husk the
game will move someplace else and you'll STILL have insecure
systems.

mjr.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: [fw-wiz] Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
    ... firewall for all IDS and Firewall related tasks in an integrated box for ... the security market is consolidating into 2 types of companies: ... the standalone players have to either sell out or go out of business. ... deal of sense but the commercial security market will likely not supporta ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
    ... the security market is consolidating into 2 types of companies: ... stabilized yet, and security has stabilized to the point where, basically, ... basic security features they'll be able to suck the oxygen away from the ... game will move someplace else and you'll STILL have insecure ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)
    ... the security market is consolidating into 2 types of companies: ... stabilized yet, and security has stabilized to the point where, basically, ... basic security features they'll be able to suck the oxygen away from the ... game will move someplace else and you'll STILL have insecure ...
    (Firewall-Wizards)
  • Re: [Full-disclosure] Death of a Gay h4x0r!
    ... Well, if you you don't wanna play the game, then don't play the game. ... dooring of the Qualys Vulnerability Scanner as well as being the ... Security Developer at Qualys Inc. ... Information Technology and Services industry ...
    (Full-Disclosure)
  • Re: What is wrong with the Ryder Cup?
    ... Excuse me, but when I last looked, golf is just a GAME, so everything ... safety and security were paramount. ... When you and I play for fun, golf is a game. ...
    (rec.sport.golf)