Tim, I understand your point but I feel it depends where you put your investment. I drive a Mercedes "S" type car, it is best of breed overall and frequently judged overall the World's finest car. It was expensive, it uses a fair bit of fuel, the insurance premiums are fairly high and the servicing bills also a bit steep! But ----- I don't even carry a spare light bulb in it! It just does not fail, everything is finely engineered and backed up internally with Mercedes own technology, and yes, it does have duplicate light bulbs so if one goes I just drive on but it tels me about it! I don't need a second engine in casde the first one falters! Nothing is built that can't go wrong, and just once a faulty Battery let me down but i just made a phone call from the stored number in the integral phone and within minutes I was driving in a replacement while not only were they replacing my Battery but carrying out extensive tests to find out why it failed!
You get what you pay for and if you invest in the best it pays, and ISS are accepted by every major analytical group as the best with a full solution from their own products which nobody else has. When I drove a GM or a Ford or any other mid range car I carried all sorts of spares and had to pay for extensibve breakdown cover. It was all I could afford in those days. If I could not afford the best IPS, then maybe I shoulkd consider a multi-layered approach, truth is though, it will still break down more often! John Tel 01782-865026 mobile 07730989255 -----Original Message----- From: tim [mailto:[EMAIL PROTECTED]] Sent: Saturday, November 23, 2002 2:07 PM To: [EMAIL PROTECTED] Cc: Pam Singletary; John Ryder Subject: FW: [ISSForum] INTRUSION DETECTION vs INTRUSION PREVENTION -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 RE: [ISSForum] INTRUSION DETECTION vs INTRUSION PREVENTIONJohn, Point made. First I have allot of experience with the NetScreen and ISS products. If I am not mistaken NetScreen has worked closely with ISS and other vendors with their signature base in both their Firewalls and IDP line. To say they should stick to just making FW's is like saying we only need one telephone company for the world. Competition and companies working together are the driving force behind new technologies. Ever heard the expression don't put your eggs in one basket, the same applies to security, although ISS has some very good products, they are not infallible. The layered approach to security which you stated is correct, but what if there is a inherent flaw in the methodology that one company use's and a weakness is found, a backup or redundant system of another vendor will at least provide you with the basic coverage until the problem is fixed. Timothy Singletary CISSP, CTT+, MCP, TCI CIO, Active Defense Inc. Phone: 315.337.0981 Cell: 315.534.1979 Fax: 315.3399186 WWW.Active-Defense.com - "Securing Tomorrow's E-Business Today" LEGAL NOTICE - Unless expressly stated otherwise, this message is confidential and may be privileged. It is intended for the addressee(s) only. Access to this e-mail, and any attachments to this e-mail, by anyone else is unauthorized. If you are not an addressee, any disclosure or copying of the contents or any action taken (or not taken) in reliance on it is unauthorized and may be unlawful. If you are not an addressee, please inform the sender immediately. - -----Original Message----- From: [EMAIL PROTECTED] [ mailto:[EMAIL PROTECTED]]On Behalf Of John Taylor Sent: Friday, November 22, 2002 11:07 AM To: Collier, Harold L [PCS]; John Taylor; SS_ Depot; [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [ISSForum] INTRUSION DETECTION vs INTRUSION PREVENTION Netscreen IDP? The real issue in intrusion is not to make the mistake in thinking that a box on the portal will solve the issues, it is essential to deploy Server based Server Sensor's as well to protect against internal hacking. The big benefit in the ISS solution is unique, it comes from deploying System Scanner and Server Sensor on all servers as well as Desktop protector on VPN laptops and a Guard on the Internet Portal, then, using Fusion software attack alerts can be correlated with known vulnerability status --- now you have real information and not just data! I see a plethora of appliances, IDS in firewalls like Netscreen etc. etc. but they are just "islands" providing yet more data, ISS leads the World by providing a complete solution and having products for vulnerability assesment, log file analysis, Intrusion detection, Intrusion protection that all work together. It is like the data switching market, Avaya have a better core switch than Cisco in my humble opinion, there are better workgroup products than Cisco have, and probably better Routers --- but -- do you want three different management configurators? do you want three suppliers for a single network? This is where Cisco excelled and why they lead the market in networking, especially large networks, it comes down to Total Cost of Ownership and it is where ISS also excel, in providing the complete solution! Mind you Cisco have made a real dog's breakfast of IDS!! Should stick to networking, like firewall vendors should stick to firewalls! Which is why ISS stick to what they do! John Taylor Tolerant Systems Tel 01782-865026 mobile 07730989255 -----Original Message----- From: Collier, Harold L [PCS] [ mailto:[EMAIL PROTECTED]] Sent: Thursday, November 21, 2002 10:41 PM To: John Taylor; SS_ Depot; [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [ISSForum] INTRUSION DETECTION vs INTRUSION PREVENTION Has anyone looked at Netscreen's IDP product? -----Original Message----- From: John Taylor [ mailto:[EMAIL PROTECTED]] Sent: Thursday, November 21, 2002 10:30 AM To: SS_ Depot; [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [ISSForum] INTRUSION DETECTION vs INTRUSION PREVENTION Folks, watch this space! ISS recently bought a Compoany called VCIS who developed some very interesting software to observe behavioural patterns and I belive you will see this incorporated into the products before too long!! JT Tel 01782-865026 mobile 07730989255 -----Original Message----- From: SS_ Depot [ mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 20, 2002 7:50 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [ISSForum] INTRUSION DETECTION vs INTRUSION PREVENTION I've had a chance to look at a couple of these type of host products. From what I can tell, they offer no protection against TCP based attacks such as DoS. Since they operate on the kernel level, I would fear there would be issues to updating my servers to the latest Service Pack or patch. Plus, ISS is a solid company that has been around and will continue to be around. These other niche players are looking to be gobbled up. Where does that leave the customer? What if the buyer is a company you despise? -SS -----Original Message----- From: [EMAIL PROTECTED] [ mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 19, 2002 4:22 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [ISSForum] INTRUSION DETECTION vs INTRUSION PREVENTION My company is looking into intrusion prevention instead of ISS IDS. Does ISS have any plan to fully incorporate intrusion prevention into their architecture? We are currently looking into two companies --- OKENA.COM and FORESCOUT.COM Any thoughts on those two companies? Thanks Osaro Osagie CCSA, CCNA, CISSP ALLTEL Information Technology _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _________________________________________________________________ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBPd+Lnm6kdxvuXiQ4EQIYogCdHzBtmZPl5vSORzutDtXsHaxDxUgAoPMc XTRavzSwFqRK7imyvq0M6SC3 =XeRw -----END PGP SIGNATURE----- _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
