Re: [fw-wiz] Integrated IDS/IPS/Firewall (Cisco ASA and Juniper ISG)

At 09:11 AM 26/05/2006, ArkanoiD wrote:


On Thu, May 25, 2006 at 08:24:17PM -0400, Marcus J. Ranum wrote:

My guess is that that VCs would split a rib laughing if someone came
to them with a business plan for a new firewall company. :)

Damn sure. And maybe that's why we have nothing like "Gauntlet on steroids"
(flexible, expandable and supported with development team who is willing
to help to integrate it with any customer application) these days, though
there definitely *is* some niche market demand for it.

We spend too much time complaining about the shape of the landscape, not enough time building communities that fit into it.

Why should any non-Infosec decision maker believe that our Perfect Firewall will make them safe? It won't: they'll be hacked from the inside/wirelessly/through an unauthorized connection. Nothing we as an industry have delivered is any better than anything else at making customer X safer from the risks they face, so why should they listen to us? The only places to date we can (sometimes) actually provide decent security is where the dollars involved are so huge they justify the expense, or where someone who can follow this thread works (but then they get a new job, and their employer is screwed again). Is it a shoe manufacturer's fault that our industry has produced no empirical metrics that would differentiate the qualities of good and bad ideas?

It's the maturity phase of the market that I can't wait for (though it may start getting boring about then). It is essentially impossible to offer SAS-level advice (to add one last military analog) in the current market, because we are still arguing about what a gun is.



The man who never alters his opinion is like standing water, and breeds reptiles of the mind.

-William Blake

Chris Blask

No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.1.392 / Virus Database: 268.7.0/345 - Release Date: 22/05/2006

firewall-wizards mailing list