Network Security Focus-IDS

Re: How to choose an IDS/FW MSS provider

Subject: Re: How to choose an IDS/FW MSS provider
Date: Tue, 15 Mar 2005 21:06:13 -0800

I think you're looking in the wrong direction strategically. IPS at the edge
devices (i.e. switch ports) is the next frontier. Protecting the core from
the distribution layer and workstations from other workstations is next. You
already have some IPS vendors rushing in this direction. IPS at the network
perimeter is old hat by now. There may be some more convergence down the
road in the FW / IPS space but I don't see much more.

I'm sorry, what "old hat" technology are you referring to? Tippingpoint?
Intruvert? Proventia G? These are "old hat"? How so? What percentage of
market share denotes "old hat"? Your reasoning says < 10%.

I'm also really confused as to how you think we're going to deploy
(affordable) IPS technology at the edge? What is the per-port cost of
current (successful) IPS technologies? If I have 30,000 ports in my
enterprise, what will it cost me to "protect the core from the distribution
layer"?

I'm not certain what school of IPS deployment you are from but it's
definitely not the "school of reality".

Or perhaps you know of some new edge technology:
1. that's affordable
2. that's deployable on the workstation
3. that's deployable on the switch fabric (enterprise wide)
4. that I/we can't comprehend (perhaps from Nitro Security?)

If #3 is the answer, please explain / describe / enlighten.




On 3/15/05 8:26 PM, "Chris Harrington" <charrington@nitrosecurity.com>
wrote:


-----Original Message-----
From: Adam Powers [mailto:apowers@lancope.com]
 
Besides, the device still needs an IP on the local network for management.
Sounds like security through obscurity to me.

You do not need an IP address to manage an IPS. You just have to route the
management traffic through the IPS if you want to do in band management.
Telco equipment has been doing this sort of thing for a while. There are
instances where a management interface with an IP makes sense but it is not
required.

With the obvious success of IPS technologies at the perimeter, I find it
hard to believe that IPS and FW technologies will remain disparate
technologies for more than a few more years. The IPS vendors need to do one
of two things:

1. Find a good firewall vendor to acquire them or
2. Build a full featured firewall from scratch.

I think you're looking in the wrong direction strategically. IPS at the edge
devices (i.e. switch ports) is the next frontier. Protecting the core from
the distribution layer and workstations from other workstations is next. You
already have some IPS vendors rushing in this direction. IPS at the network
perimeter is old hat by now. There may be some more convergence down the
road in the FW / IPS space but I don't see much more.


--Chris


Christopher Harrington, CISSP
Director, Nitro Threat Analysis Center
nitrosecurity
o: 603.766.8160 x25
c: 603.969.0592
e: charrington@nitrosecurity.com
w: www.nitrosecurity.com
Skype: chrisharrington




-- 

Adam  Powers
Director of Technology
Lancope, Inc.
c. 678.725.1028
f. 770.225.6501
e. apowers@lancope.com

StealthWatch by Lancope - Security Through Network Intelligence™


