


Firewalls and SSL play a vital role in our day-to-day life on the internet!!!


^^^ Even the hackers love SSL. Their exploit code is now encrypted when they hack the websites, keeping those pesky Intrusion Detection Systems guessing.


I'd like to hear some examples of innovative tools or vendors not getting enough attention that have compelling products that add to or change the game of network security, or the space that firewalls/SSL provide for.

It's fine to say these technologies are "old" in tech terms, but what are they lacking? What should be used instead of them? Are any new things even close to as elegant as these older tools?

If I tell my CSO that his firewalls and SSL are old and antiquated, his first response, rightly, is going to be, "Ok, what do we replace them with?" And he's not going to be happy if the response requires more work from more expensive staff to glue complicated tools and suites together and manage it all. :(


Craig - nice!

@LonerVamp - "if the response requires more work from more expensive staff" - not sure I understand the cost argument for spending top dollar for 1995 technology. Why not demand product improvements instead? Infosec does not demand innovation and the vendors don't provide. Perhaps that is okay (even though it probably isn't) but in any case why in the world would infosec pay any *more* than ten cents on the dollar for 1995 technology? Moore's law anyone? As it is, these vendors have among the highest margins in the business. If it's really about controlling infosec cost (for the sake of discussion let's assume that this is the goal and not providing security) that is a logical argument to make, but then it should be about driving those costs down instead of subsidizing vendors to non-innovate. As it is now - infosec gets the worst of both worlds - 1995 technology that's priced like a latest and greatest bleeding edge product.

To me, we should either stay the course as you suggest but demand much lower costs, or pay the price to innovate.


I guess another way of phrasing the question is, what's wrong with 1995 technology? Or, what should they be adding/innovating/selling?

There's a pretty big difference in the management ability of firewalls 15 years ago and those of today. I'd much rather manage an ASA than a Pix these days. Not because of such huge steps, but because the device is incrementally better/easier.

I guess I've heard you bring up the old net sec technology before, and I'm just not buying why it's a talking point or what we should be doing instead.


@LonerVamp - I think network security is necessary but nowhere near sufficient. I propose more focus on appsec, identity and monitoring.
