-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
RE: [ISSForum] INTRUSION DETECTION vs INTRUSION PREVENTIONJohn,
Point made. First I have allot of experience with the NetScreen
and ISS products. If I am not mistaken NetScreen has worked closely
with ISS and other vendors with their signature base in both their
Firewalls and IDP line. To say they should stick to just making FW's
is like saying we only need one telephone company for the world.
Competition and companies working together are the driving force
behind new technologies. Ever heard the expression don't put your
eggs in one basket, the same applies to security, although ISS has
some very good products, they are not infallible. The layered
approach to security which you stated is correct, but what if there
is a inherent flaw in the methodology that one company use's and a
weakness is found, a backup or redundant system of another vendor
will at least provide you with the basic coverage until the problem
is fixed.
Timothy Singletary
CISSP, CTT+, MCP, TCI
CIO, Active Defense Inc.
Phone: 315.337.0981
Cell: 315.534.1979
Fax: 315.3399186
WWW.Active-Defense.com
- "Securing Tomorrow's E-Business Today"
LEGAL NOTICE - Unless expressly stated otherwise, this message is
confidential and may be privileged. It is intended for the
addressee(s) only. Access to this e-mail, and any attachments to this
e-mail, by anyone else is unauthorized. If you are not an addressee,
any disclosure or copying of the contents or any action taken (or not
taken) in reliance on it is unauthorized and may be unlawful. If you
are not an addressee, please inform the sender immediately.
- -----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf
Of John Taylor
Sent: Friday, November 22, 2002 11:07 AM
To: Collier, Harold L [PCS]; John Taylor; SS_ Depot;
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [ISSForum] INTRUSION DETECTION vs INTRUSION PREVENTION
Netscreen IDP?
The real issue in intrusion is not to make the mistake in thinking
that a box on the portal will solve the issues, it is essential to
deploy Server based Server Sensor's as well to protect against
internal hacking. The big benefit in the ISS solution is unique, it
comes from deploying System Scanner and Server Sensor on all servers
as well as Desktop protector on VPN laptops and a Guard on the
Internet Portal, then, using Fusion software attack alerts can be
correlated with known vulnerability status --- now you have real
information and not just data!
I see a plethora of appliances, IDS in firewalls like Netscreen etc.
etc. but they are just "islands" providing yet more data, ISS leads
the World by providing a complete solution and having products for
vulnerability assesment, log file analysis, Intrusion detection,
Intrusion protection that all work together. It is like the data
switching market, Avaya have a better core switch than Cisco in my
humble opinion, there are better workgroup products than Cisco have,
and probably better Routers --- but -- do you want three different
management configurators? do you want three suppliers for a single
network? This is where Cisco excelled and why they lead the market in
networking, especially large networks, it comes down to Total Cost of
Ownership and it is where ISS also excel, in providing the complete
solution!
Mind you Cisco have made a real dog's breakfast of IDS!! Should stick
to networking, like firewall vendors should stick to firewalls! Which
is why ISS stick to what they do!
John Taylor
Tolerant Systems
Tel 01782-865026
mobile 07730989255
-----Original Message-----
From: Collier, Harold L [PCS]
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 21, 2002 10:41 PM
To: John Taylor; SS_ Depot; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [ISSForum] INTRUSION DETECTION vs INTRUSION PREVENTION
Has anyone looked at Netscreen's IDP product?
-----Original Message-----
From: John Taylor [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 21, 2002 10:30 AM
To: SS_ Depot; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [ISSForum] INTRUSION DETECTION vs INTRUSION PREVENTION
Folks,
watch this space! ISS recently bought a Compoany called VCIS who
developed
some very interesting software to observe behavioural patterns and
I belive
you will see this incorporated into the products before too long!!
JT
Tel 01782-865026
mobile 07730989255
-----Original Message-----
From: SS_ Depot [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 20, 2002 7:50 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: [ISSForum] INTRUSION DETECTION vs INTRUSION PREVENTION
I've had a chance to look at a couple of these type of host
products. From
what I can tell, they offer no protection against TCP based attacks
such as
DoS. Since they operate on the kernel level, I would fear there
would be
issues to updating my servers to the latest Service Pack or patch.
Plus,
ISS is a solid company that has been around and will continue to be
around.
These other niche players are looking to be gobbled up. Where does
that
leave the customer? What if the buyer is a company you despise?
-SS
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 19, 2002 4:22 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [ISSForum] INTRUSION DETECTION vs INTRUSION PREVENTION
My company is looking into intrusion prevention instead of ISS IDS.
Does
ISS have any plan to fully incorporate intrusion prevention into
their
architecture?
We are currently looking into two companies --- OKENA.COM and
FORESCOUT.COM
Any thoughts on those two companies?
Thanks
Osaro Osagie
CCSA, CCNA, CISSP
ALLTEL Information Technology
_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo
_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail
_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo
_______________________________________________
ISSForum mailing list
[EMAIL PROTECTED]
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to
https://atla-mm1.iss.net/mailman/listinfo
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQA/AwUBPd+Lnm6kdxvuXiQ4EQIYogCdHzBtmZPl5vSORzutDtXsHaxDxUgAoPMc
XTRavzSwFqRK7imyvq0M6SC3
=XeRw
-----END PGP SIGNATURE-----
PGPexch.rtf.asc
Description: Binary data
