Security Forum ATC July 24, 2003
The Gartner IT Security Director Membership Program
John Pescatore and Richard Stiennon on “The Death of IDS”
Rich Mogul on California Data Privacy law
Q/A
Intrusion Detection Is Dead, Intrusion Prevention is Still-born. The Firewall is Re-Born
Richard Stiennon
Getting It Right
Enterprises are moving toward “hard and crunchy” on the inside
Gateways and firewalls are finally plugging the holes
The intrusion detection system is at the end of life; we are winning the arms race with hackers.
Firewalls
Vulnerability Assessment
Network Intrusion Prevention
Host Intrusion Prevention
Antivirus
Security Management
The Enterprise Protection Model
IDS
Firewalls
Content Switching
Application Defenses
The Four Paths to Network Security Nirvana
IDS
Mountains of data
Hours of labor
Heaps of alerts
False positives
Incident response nightmares
Intrusion Prevention
Drop protocol attacks
Block known attacks
Less time tracking down “what happened?”
IDS Giving Way to IPS
[Figure: IDS Magic Quadrant 1H02, as of June 2002. Axes: Ability to Execute, Completeness of Vision. Quadrants: Challengers, Leaders, Niche Players, Visionaries. Vendors shown: Symantec, Cisco Systems, Enterasys Networks, Tripwire, Recourse Technologies, Internet Security Systems, NFR Security, Entercept Security Technologies, Intrusion.]
(From “Intrusion Detection System 1H02 Magic Quadrant,” 1 August 2002)
Content Switching
These Layer 7 network devices are ideally situated to:
Load balance across multiple devices
100% inspect traffic
Terminate SSL sessions, allowing a view into the decrypted traffic
Drop offending packets
HTTP
Application Defense
Netcontinuum, Teros, Sanctum, Kavado, Ingrian, Array
Hey, wait for me!
The Firewall Vendors Miss the Inflection Point
[Figure: 1H03 Firewall Magic Quadrant, as of 6/03. Axes: Ability to Execute, Completeness of Vision. Quadrants: Challengers, Leaders, Visionaries, Niche Players. Vendors shown: Toplayer, Secure Computing, Microsoft, Cisco Systems, Symantec, Check Point, SonicWALL, NetScreen, TippingPoint, Intruvert (NAI), Netcontinuum, Fortinet, Teros, F5, Bluecoat, iPolicy, Kavado, Mazu, Array, Sanctum, Whale, Radware, Watchguard.]
Convergence, Really
Definition: Deep packet inspection firewall assembles (normalizes) packets and inspects them for compliance with a set of rules.
Rule classes:
Source/Destination/Service
Attack Signature
Protocol Anomaly
Behavior
Antivirus
Custom content inspection
One Packet Stream, Multiple Filters
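The definition above as an added sketch (not part of the original slides, and not any vendor's code): one flow is normalized once and the same byte stream is passed through a filter for each of four of the listed rule classes. The rule values, addresses and sample segments are hypothetical and constructed for illustration; the Behavior and Antivirus classes are left out.

```python
import re
from dataclasses import dataclass

@dataclass
class Segment:  # one TCP segment of a flow (source address omitted for brevity)
    dst: str
    dport: int
    seq: int
    payload: bytes

def normalize(segments):
    """Rebuild the byte stream: order by sequence number, drop bytes already seen."""
    stream, next_seq = b"", None
    for s in sorted(segments, key=lambda s: s.seq):
        next_seq = s.seq if next_seq is None else next_seq
        stream += s.payload[max(0, next_seq - s.seq):]
        next_seq = max(next_seq, s.seq + len(s.payload))
    return stream

# Hypothetical rule set, one entry per rule class.
ALLOWED = {("10.0.0.5", 80)}                       # source/destination/service
SIGNATURES = [re.compile(rb"\.\./\.\./")]          # attack signature (path traversal)
REQUEST_LINE = re.compile(rb"(GET|POST|HEAD) \S+ HTTP/1\.[01]")  # protocol conformance
BLOCKED_CONTENT = [b"X-Internal-Only"]             # custom content marker

def acl_ok(flow, stream):
    return (flow.dst, flow.dport) in ALLOWED

def signature_ok(flow, stream):
    return not any(sig.search(stream) for sig in SIGNATURES)

def protocol_ok(flow, stream):
    line = stream.split(b"\r\n", 1)[0]
    return len(line) <= 2048 and REQUEST_LINE.fullmatch(line) is not None

def content_ok(flow, stream):
    return not any(marker in stream for marker in BLOCKED_CONTENT)

FILTERS = [("source/destination/service", acl_ok), ("attack signature", signature_ok),
           ("protocol anomaly", protocol_ok), ("custom content", content_ok)]

def inspect(segments):
    """Normalize once, then run every filter; return the rule classes violated."""
    stream = normalize(segments)
    return [name for name, ok in FILTERS if not ok(segments[0], stream)]

# Constructed sample: out-of-order delivery plus a retransmission; the
# signature straddles the segment boundary, so no single packet matches it.
first = Segment("10.0.0.5", 80, 1000, b"GET /docs/..")
second = Segment("10.0.0.5", 80, 1012, b"/../secret HTTP/1.1\r\nHost: a\r\n\r\n")
SAMPLE = [second, first, first]

if __name__ == "__main__":
    print(inspect(SAMPLE))  # a non-empty list means the flow is dropped
```

Matching the signature against each segment's payload separately finds nothing in this sample; only the normalized stream shows it, which is why assembly comes before the filters.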
Recommendations
Delay large investments in IDS and event management
Pilot application defense and network IPS products
Harden critical servers
Lock down access control