Jan 15 2004

Interesting Presentation, but not for the reasons the vendor meant it to be.

Published by Martin at 6:38 am under General

I went and saw an interesting presentation yesterday by Bill Pennington, Chief Technical Officer at Whitehat Security. The presentation was given at the monthly meeting of the San Francisco ISSA (can’t find the link yet) chapter. His basic message was, “Your firewalls can’t protect you, your IDS can’t protect you, one-time audits can’t protect you. The only way to protect your web servers is continuous auditing by US!” And he does have a good point: many of the threats coming at our systems today are coming over legitimate ports, using legitimate applications, but using them in ways they weren’t intended to be used. Your firewall won’t stop traffic from going to the web server, the IDS won’t detect a web request where the numbers have been slightly altered, and one-time audits can’t track system changes that may expose new vulnerabilities.

Where Mr. Pennington lost a lot of his audience was in his insinuation that firewalls, IDSs and one-time audits aren’t worth the money, and the occasional barb he threw out at some of his competitors. To be honest, his comments about his competitors weren’t all that bad, but there were a number of said competitors in the audience. I know that at least one member of the governing body of the ISSA chapter sponsoring the event was going to take him to task for his comments. Note for the future: don’t bash the competition in a public forum.

Back to the firewall, IDS, audit thread. I think that Mr. Pennington was trying to say that these alone can’t protect you; you need more. But what he came across as saying was that his way was the only way to protect your network. This sort of market-speak may work with some of the VP and higher level people that he speaks to, but most security professionals have heard it all before. How many times have you seen someone shouting from the rooftops (metaphorically speaking) that their NEW, IMPROVED way is the only true way to protect your network? I’d say at least every six months to a year someone is saying this.

Bottom line: It is possible to promote your product without tearing down others. Admittedly, a lot harder, but doable. And I think it is a much better long-term philosophy.

One Response to “Interesting Presentation, but not for the reasons the vendor meant it to be.”

  1. Bowulf on 15 Jan 2004 at 1:25 pm

    Throwing technology at a problem (IDS, firewall, IPS) is never the only answer, but sometimes it certainly makes arriving at the answer a lot easier with that much lower skillset.