RE: Checkpoint SmartDefense

From: Dimitrios Patsos (dpat_at_space.gr)
Date: 05/19/05

    To: <ferg@furg.net>, <focus-ids@securityfocus.com>
    Date: Thu, 19 May 2005 09:58:29 +0300
    
    

    Hi Fergus,

    Regarding your SmartDefense questions, my experience with this CP feature suggests that:

    1) In practice, it supplements the Application Intelligence FW-1 already has. For zero-day attacks, you can never be sure that a
    "skinny" IPS/IDS solution like SmartDefense will be enough. So far, it has performed pretty well considering the amount of money you
    spend for a single gateway (which makes SmartDefense a MUST in FW-1 gateways). Spend some time and look for Web Intelligence though,
    a CP feature that does behavioral-based analysis - not single pattern matching.

    2) SmartDefense is just what its name indicates: smart (not intelligent). The intelligence lies in the FW-1 itself. The combination
    though performs great (and fast!). You can be sure that Check Point will provide you with important updates in time. There are lots
    of people in CP HQ who deal with maintaining SmartDefense and publishing updates.

    3) Like every CP product or service, it is not that difficult to configure and maintain, considering that you know the IT environment
    very well (so that you do not have to mess with false positives). Spend some time in fine tuning as well.

    4) SmartDefense comes as an annual service, so I do not see a reason why it should be different in Interspect. Never tested
    SmartDefense in Interspect myself.

    Regards,

    Dimitrios G. Patsos
    IT Security Consultant
    ===================
    SPACE HELLAS S.A.
    ===================
    Email dpat@space.gr

    -----Original Message-----
    From: Fergus Brooks [mailto:fergwa@gmail.com]
    Sent: Wednesday, May 18, 2005 2:10 PM
    To: focus-ids@securityfocus.com
    Subject: Checkpoint SmartDefense

    Hi all,

    I am getting some mixed messages regarding this feature.

    1) Does it detect zero day attacks in real time and
    recommend/implement remediation?

    2) How intelligent is it?

    3) Is it difficult to configure & maintain?

    4) Is this feature different on the Interspect and standard FW-1 boxes?

    Any comments and real world examples greatly appreciated!

    Thanks & regards.

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from
    CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    to learn more.
    --------------------------------------------------------------------------
