Archive

Archive for the ‘Intrusion Prevention’ Category

Third Party Patching — Why Virtual Patch Emulation is the Host-est with the Most-est…

September 27th, 2006 3 comments

Dentalhygiene
All this hubbub about third party patching is enough to make one cross-eyed…(read on for the ironic analog)

I’ve written about this twice before…once last month here and the original post from my prior blog written over a year ago!  It’s a different approach (that inevitably and incorrectly gets called an IPS) to solving the patching dilemma — by not touching the host but instead performing virtualized patch emulation in real-time via the network.

Specifically I make reference to a product and service from Blue Lane technologies (the PatchPoint gateway) which so very elegantly provides a layer of protection that is a NETWORK-BASED third party patching solution.

You don’t have to touch the host — no rediculous rush to apply patches that might introduce more operational risk in the hurry to patch them than the risk imposed by the likelihood of the vulnerability being exploited…

You can deploy the virtual (third party) patch and THEN execute your rational and controlled approach towards regression testing those servers you’re about to add software to…

Rather than re-hash the obvious and get Alan Shimel designing book covers to attack my post like he did with Ross Brown from eEye (very cool, Shimmy!) you can just read the premise based upon the link above in the first sentence.

I don’t own any Blue Lane stock but I did happen to buy one of the first of their magical boxes 2 years ago and it saved my ass on many occasion.  Patch Tuesday become a non-event (when combined with the use of Skybox’s amazing risk management toolset…another post.)

Keep your mitts off my servers….

Hey Nokia…welcome to last year!

August 29th, 2006 1 comment

Ripvanwinkle72
I’m sorry.  I can’t resist.  If you can’t stomach grand-standing and vendor eye-poking, skip this post.  I’m sitting in Logan Airport after 3 Knob Creeks and a Board Meeting, so you’ll have to cut me some slack.

This is an example of the petty vendor one-upmanship that Rothman hates, but I’m tired of Nokia’s bogus announcements year after year of how they are kings of the pile when they are in fact one-trick wonders who have, to their credit, been able to successfully and parasitically build a  $1BN market on the top of the backs of Check Point. 

In case you didn’t know, that’s the ever-vigilant Nokia-Van-Winkle napping under the security tree…

You probably recognize by now that Crossbeam "competes" with Nokia.  They produce a suite of appliances, we provide an architecture that scales.  But who’s picking nits…

I’m being nice when I say that we "compete" because their continued reliance upon an antiquated, proprietary OS that requires "porting" of software and the fact that they only run ONE application (Check Point) on their platforms, really doesn’t offer a fair comparison to our solutions which offers combinations of over 20+ best-of-breed security applications.

Nokia "We’re more than phones, damnit!" announced today that they are going to OEM SourceFire’s IPS product for use on their appliances. 

We announced our partnership with SourceFire in 2005, but I suppose porting takes time so Nokia finally got it done.

After an aborted attempt with ISS and an AV vendor years ago, it finally dawned on Nokia that in order to be viewed as being "…more than phones and a firewall" that they actually have to run at least one other application to add value to its customers — other than milking them for maintenance contracts, that is.

Guess what else is coming!?  They’re more than likely going to OEM DeepNine’s UTM/IPS software also.  Then they can say they play in the UTM world, too.  I wonder how long it’ll take for them to figure out that people are tired of stacking boxes — even theirs.  Oh, wait!  I know!

Welcome to 2005, Nokia!

Next up…Cisco!

Categories: Intrusion Prevention Tags: