RE: CRIME Checkpoint versus Sonicwall

From: Justin Kurynny (justink@private)
Date: Fri Aug 30 2002 - 08:03:08 PDT


    -----Original Message-----
    From: Michael Rauscher [mailto:mrauscher@private] 
    
    >If I were to walk into Anitian, or any other security vendor, and lay out
    my security plan as a once a month, or even once a week log review, along
    with NIDS/HIDS that notifies me daily of "suspicious" activity, someone's
    not doing their job if they tell me that that's sufficient, and there's
    nothing more I should be doing. My bet is you would describe my monitoring
    plan as inadequate, and that you have one that would allow me to sleep
    better at night.<
    
    the arguments against one having IDS unless one has full time IDS monitoring
    seem to be based in a black-and-white context: black and white in terms of
    cost (all or nothing) and in terms of how you are attacked (owned/not
    owned). what i believe i'm hearing from that camp is that unless you have
    full time IDS monitoring, IDS provides no value. is that, in fact, what
    you're saying? if so, i disagree. i would say that i find value in having
    information about the kinds of network traffic entering my internal network,
    even if it means i find out my web server is owned three weeks after it's
    happened. that's because now i can do something about it and i can identify
    the weaknesses that allowed the attacker in, and patch/configure
    appropriately. i would argue that losing a couple of battles still provides
    more information about your enemy's tactics than if you never fought those
    battles at all. a lost battle is not a lost war, and in many organizations,
    an owned server or two does not necessarily equal the end of those
    organizations.
    
    
    >My point is 2-fold: there's always someone willing to convince you they
    have something better that you need, and, if you don't want to have to
    defend your product, don't try to push it on a list where most people know
    better.<
    
    you can't blame a salesman for pushing his wares; that's his job. it's up to
    you to determine what's gold and what's pyrite, and you're not doing *your*
    job if you're just taking a salesman's word for it. i agree with you,
    Michael, that this list is not the forum for product placement, but Andrew
    is being attacked for his ideology, not his product, and he shouldn't be
    censored because "most people know better."
    
    
    justin
    


