Security Forum ATC July 24, 2003 The Gartner IT Security Director Membership Program John Pescatore and Richard Stiennon on “The Death of IDS” Rich Mogul on California Data Privacy law Q/A

Page 1

Security Forum ATC July 24, 2003

The Gartner IT Security Director Membership Program

John Pescatore and Richard Stiennon on “The Death of IDS”

Rich Mogul on California Data Privacy law

Q/A

Page 2

Intrusion Detection Is Dead, Intrusion Prevention Is Still-born. The Firewall Is Re-Born

Richard Stiennon

Page 3

Getting It Right

Enterprises are moving toward “hard and crunchy” on the inside

Gateways and firewalls are finally plugging the holes

The intrusion detection system is at the end of life; we are winning the arms race with hackers.

Page 4

Firewalls

Vulnerability Assessment

Network Intrusion Prevention

Host Intrusion Prevention

Antivirus

Security Management

The Enterprise Protection Model

Page 5

IDS

Firewalls

Content Switching

Application Defenses

The Four Paths to Network Security Nirvana

Page 6

IDS

Mountains of data

Hours of labor

Heaps of alerts

False positives

Incident response nightmares

Intrusion Prevention

Drop protocol attacks

Block known attacks

Less time tracking down “what happened?”

IDS Giving Way to IPS

Page 7

IDS Magic Quadrant 1H02 (as of June 2002)

(From “Intrusion Detection System 1H02 Magic Quadrant,” 1 August 2002)

[Figure: Magic Quadrant. Axes: Ability to Execute, Completeness of Vision. Quadrants: Challengers, Leaders, Niche Players, Visionaries. Vendors shown: Symantec, Cisco Systems, Enterasys Networks, Tripwire, Recourse Technologies, Internet Security Systems, NFR Security, Entercept Security Technologies, Intrusion]

Page 8

Content Switching

These Layer 7 network devices are ideally situated to:

Load balance across multiple devices

100% inspect traffic

Terminate SSL sessions, allowing a view into the decrypted traffic

Drop offending packets

Page 9

HTTP

Application Defense

Netcontinuum, Teros, Sanctum, Kavado, Ingrian, Array

Page 10

Hey, wait for me!

The Firewall Vendors Miss the Inflection Point

Page 11

1H03 Firewall Magic Quadrant (as of 6/03)

[Figure: Magic Quadrant. Axes: Ability to Execute, Completeness of Vision. Quadrants: Challengers, Leaders, Niche Players, Visionaries. Vendors shown: Toplayer, Secure Computing, Microsoft, Cisco Systems, Symantec, Check Point, SonicWALL, NetScreen, TippingPoint, Intruvert (NAI), Netcontinuum, Fortinet, Teros, F5, Bluecoat, iPolicy, Kavado, Mazu, Array, Sanctum, Whale, Radware, Watchguard]

Page 12

Convergence, Really

Definition: Deep packet inspection firewall assembles (normalizes) packets and inspects them for compliance with a set of rules.

Rule classes: Source/Destination/Service

Attack Signature

Protocol Anomaly

Behavior

Antivirus

Custom content inspection

Page 13

One Packet Stream, Multiple Filters

Page 14

Recommendations

Delay large investments in IDS and event management

Pilot application defense and network IPS products

Harden critical servers

Lock down access control