Focus on IDS
Checkpoints Smartdefense as an IPS Apr 28 2009 08:00AM
a bv (vbavbalist gmail com) (4 replies)
Re: Checkpoints Smartdefense as an IPS Apr 29 2009 06:13PM
John Jasen (jjasen realityfailure org)
Re: Checkpoints Smartdefense as an IPS Apr 28 2009 09:15PM
Jaime Díaz (jndiaz gmail com)
Re: Checkpoints Smartdefense as an IPS Apr 28 2009 05:07PM
Laurens Vets (laurens daemon be)
Re: Checkpoints Smartdefense as an IPS Apr 28 2009 03:59PM
Tommy May (tommymay comcast net)
I haven't dealt with SmartDefense for a long time - but when I did, the advantages was that there was no political battle to fight for getting another device to go inline of traffic - as folks are already accustomed to having the firewall there inspecting traffic, to some degree.

The disadvantages (from my perspective only at the time) was that the individual tuning parameters were not extremely granular... so when there were false positives triggered for blocking, it was 'an all or nothing' remediation required to address the issue - i.e. turn the signature off alltogether.

So - in a practical sense, it comes down to requirements. If it is simply to address an 'audit or compliance checkmark' requirement, then something like SmartDefense was fantastic for an enterprise who already had deployed Checkpoint as a firewall and was well used to administering and maintaining the solution. However, to achieve real detective vigilance I would recommend augmenting the solution with passive IDS at key monitoring points. In my experience, you will rarely get a specific directive from anyone in the enterprise that will clarify this for you - you sort of have to get a gut feel.

Sorry for the 'gray' answer, but thats simply my opinion based on what I have seen. :)

(Also, please note that I havent dealt with Checkpoint now in several years, so there may have been significant advancements made to SmartDefenses tunability since then)

Hope this helps...


----- Original Message -----
From: "a bv" <vbavbalist (at) gmail (dot) com [email concealed]>
To: focus-ids (at) securityfocus (dot) com [email concealed]
Sent: Tuesday, April 28, 2009 4:00:52 AM GMT -05:00 US/Canada Eastern
Subject: Checkpoints Smartdefense as an IPS

Hi list,

I want to ask to list for the opinion on Checkpoints Smartdefense. For
the past and current users , how enough/successfull do you find it as
an ips for your enterprise? Do you use additional ids/ips if so what
purposes and to monitor what segments/parts of your infrastructure.?
And how do you deploy,manage Smartdefense?


[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus