focus-ids October 2008 archive
Main Archive Page > Month Archives  > focus-ids archives
focus-ids: Re: IDS vs Application Proxy Firewal & OT list bo

Re: IDS vs Application Proxy Firewal & OT list bouncing

From: Thomas Ptacek <tqbf_at_nospam>
Date: Tue Oct 28 2008 - 16:54:02 GMT
To: alfredhuger@winterhope.com


In fairness, the top line for almost everything pales in comparison to firewalls, which are a 2+Bn market segment. --- Thomas Ptacek // matasano security read us on the web: http://www.matasano.com/log On Oct 27, 2008, at 5:54 PM, alfredhuger@winterhope.com wrote:
> Arian,
>
> On Mon, Oct 27, 2008 at 2:29 PM, Arian J. Evans
> <arian.evans@anachronic.com> wrote:
>> Good points, inline:
>>
>> On Fri, Oct 24, 2008 at 3:02 PM, alfredhuger@winterhope.com
>> <alfredhuger@winterhope.com> wrote:
>>> Arian,
>>
>> Yes, but I have seen little to no progress in the mainstream
>> WAF vendors. And to be fair: they have much more
>> immediate problems to solve right now with their
>> current approaches.
>>
>
> Agreed and agreed.
>
>> But market viability has already been proven.
>>
>
> Hmm, I think it's clear there is a need for WAF's but I am not sure
> the 'market viability' has been proven yet FWIW. The revenues for such
> products still pale when compared to traditional firewalls.
>
>
>> In fact there was one success in the behavioral "WAF/IDS"
>> arena few in the security community are aware of. A
>> product called "Business Signatures" executed quite
>> well in this problem domain -- though ostensibly not
>> for the purpose of being a WAF -- and was acquired
>> by Entrust a few years ago. They had some large
>> and very happy clients I worked with:
>>
>> http://www.networkworld.com/news/2006/071906-entrust.html
>
> Cool.
>
>>
>
>>
>> <OT>
>>
>> I would understand if moderation were the problem. My
>> messages get rejected by the server configs on less than
>> half the SF lists (which the moderators do not control).
>> I've had moderators trying to get my posts involved in
>> dialogue on those lists and are unable to do so because
>> of what appears to be the SF list-server admins.
>>
>> I have contributed quite productively to the SF list
>> community for many years, but at this point I've
>> kind of thrown up my hands. After two years you
>> probably would too Alfred.
>
> Likely so. I was ignorant of the technical sides of the issue. Mea
> Culpa.
>
>> nota bene: I only take shots at vendors with vitrol
>> if I can support my statements with facts and real-
>> world examples, and I have written the vendor off
>> in a given problem-domain. In most cases it is
>> intended for comic relief (mine) and it is up to the
>> reader to chose to appreciate that or not.
>>
>
> Uh, OK. Having been on the ugly end of public posts like that as
> someone who ships software the humor is lost on me. For the most part.
> One of the things that sucks about this industry is the unchecked
> nastiness in public forums. I know some people get a kick out of it. I
> guess I am just not one of them.
>
>
>> I am aware of and certianly respect SF's business
>> case for advertising revenue that would lead them
>> not to encourage advertiser denigration or emotional
>> flame wars devoid of fact. But that's not the issue here.
>>
>
> No, your right, it is not the issue here. SF's business has never been
> based off ad revenue and our moderation of posts has never been
> subject to rules built off that foundation. I dislike ugly commentary
> in public forums. I felt that way when I founded securityfocus and I
> feel that way now. It's not to say that I have not engaged in it
> myself (because I have) it's just that I hope for more, from all of
> us.
>
>
>> As for my opinions on vendors, well....
>>
>> I have been wrong before.
>>
>
> Me too.
>
>> By contributing my opinions to the public forum
>> I ask that you put them under your protection,
>> and allow I may be wrong, YMMV, and I might
>> need to change my opinion in the future.
>>
>> In turn I will both always support the right of
>> anyone in this public dialogue to do the same,
>> and back up my claims as needed with
>> reasonable matters of fact and existence,
>>
>
> Is it too much to ask you to be polite when delivering your message?
> The authors of much of the code you disparaged read this forum. Your
> posts are dead on so I would be willing to bet you'll have more
> influence by modifying your delivery.
>
> My .2
>
> al
>
>
>> --
>> --
>> Arian J. Evans.
>> Solipsistic Software Security Sophist
>>
>>
>
> ------------------------------------------------------------------------
> Test Your IDS
>
> Is your IDS deployed correctly?
> Find out quickly and easily by testing it
> with real-world attacks from CORE IMPACT.
> Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw
> to learn more.
> ------------------------------------------------------------------------
>
------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------