[fw-wiz] State of security technology for the enterprise



Hello all.



I am currently developing a strategy for evolving the security for my
enterprise network. Currently I protect the core network (servers and
services) and internet with inline sensors, use HIDS on all client machines
(which performs event correlation with the inline sensors), content
filtering, use of AV on all hosts, SSL and IPSec VPN and spam filtering on
the edge.



In reviewing the latest offerings I see that there are new and potentially
immature technologies that may be the direction I need to look. These
include:



DPI (deep packet inspection) firewalls

Content filtering on the firewall

SSL proxying with decryption for filtering abuse and data leak

DLP - related to SSL filtering but with the addition of protecting data at
rest from leaving the network.

VMWARE/Hypervisor sensors to protect my virtual infrastructure



The vendor offerings I am reviewing include:



Cisco

ISS

Juniper

Fortinet

Palo Alto



If I omitted serious contenders from my list please bring them to my
attention. I also have a feature matrix I am willing to share if anyone is
interested.



Cisco has point product solutions for the most part but Juniper, Palo Alto
and Fortinet are combining some of the new abilities into a single
appliance.



I am looking for conversation on the newer technologies as well as thoughts
on combining them on a single albeit clustered/HA appliance versus separate
solutions for each function. Another thing I wrestle with is single vendor
solutions versus a hybrid solution that offers some diversity and a system of
checks and balances.



Of particular interest is DPI. From what I read this will be a major
advance that really grants security admins control at the firewall that they
never had before.



Please share your thoughts.



Thanks

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

