Network Security Focus-IDS

RE: Checkpoint SmartDefense

Subject: RE: Checkpoint SmartDefense
Date: Thu, 19 May 2005 09:58:29 +0300

Hi Fergus,

Regarding your SmartDefense questions, my experience with this CP feature
recommends that:

1) In practice, it supplements the Application Intelligence FW-1 already has.
For zero-day attacks, you can never be sure that a "skinny" IPS/IDS solution
like SmartDefense will be enough. So far, it has performed pretty well
considering the amount of money you spend for a single gateway (which makes
SmartDefense a MUST in FW-1 gateways). Spend some time and look for Web
Intelligence though, a CP feature that does behavioral-based analysis - not
single pattern matching.

2) SmartDefense is just what its name indicates: smart (not intelligent). The
intelligence lies on the FW-1 itself. The combination though performs great
(and fast!). You can be sure that Check Point will provide you with important
updates in time. There are lots of people in CP HQ that deal with maintaining
SmartDefense and publishing updates.

3) As with every CP product or service, it is not that difficult to configure
and maintain, considering that you know the IT environment very well (so that
you do not have to mess with false positives). Spend some time in fine tuning
as well.

4) SmartDefense comes as an annual service, so I do not see a reason why it
should be different in Interspect. Never tested SmartDefense in Interspect
myself.

Regards,

Dimitrios G. Patsos
IT Security Consultant
===================
SPACE HELLAS S.A.
===================
Email dpat@space.gr

-----Original Message-----
From: Fergus Brooks [mailto:fergwa@gmail.com] 
Sent: Wednesday, May 18, 2005 2:10 PM
To: focus-ids@securityfocus.com
Subject: Checkpoint SmartDefense

Hi all,

I am getting some mixed messages regarding this feature. 

1) Does it detect zero day attacks in real time and
recommend/implement remediation?

2) How intelligent is it?

3) Is it difficult to configure & maintain?

4) Is this feature different on the Interspect and standard FW-1 boxes?


Any comments and real world examples greatly appreciated!

Thanks & regards.

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from 
CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 
to learn more.
--------------------------------------------------------------------------





