On 26-Nov-08, at 8:37 AM, Joel Snyder wrote:
>> There are a few IPS/IDS solutions out there utilizing email reputation
>> as part of their solutions, and they primarily get their strength from a
>> centralized managed db on the part of the vendor supplying the solution.
>
> I haven't seen this actually happening; do you have specific
> products in mind? Other than 'intention,' it doesn't seem to have
> been rolled out yet.

I'm drawing a blank on the vendor, it came up when we were evaluating
UTM solutions. It may have been Juniper or Checkpoint, I don't recall
and am unable to devote the time to dig back at the moment I'm
afraid. The other possibility is Tipping Point, but again I'm having
a morning where my recollection is a bit hazy ;)
I'm definitely interested in seeing how the various vendors address
this from an architecture design stance, and particularly how much
flexibility they provide to the client in making choices with regards
to the reputation information. Also be interesting to see if this
gets extended beyond email reputation to straight IP reputation,
perhaps utilizing information similar to that found on MyNetWatchMan
or sites like ISC.
Cheers, and thanks for the well thought out response - it was a good
read!
---
Tremaine Lea
Network Security Consultant
Intrepid ACL
Paranoia for hire