30 October, 2006

Hype Cycle

I agree with most of what Alan has said in this post.

The NAC comments are particularly on the mark. NAC will be a valuable addition to our controls arsenal but if I hear another vendor claim it will solve world hunger I will hang up on them.

I also agree that in 36 to 48 months a given tech starts to loose its teeth. The one comment I will make on this is that the need for it almost never goes away.

This becomes clear when people discuss items like deperimiterization. I don't think that anyone who advocates that path says we should do away with all firewalls completely. Instead what they are saying is that people should realize when a control like a firewall is mostly useless for the key threats of the time and adjust accordingly. In some cases this will mean eliminating firewalls (or at least making their configurations more simple) but in most it will mean adding new controls. For the last few years those have been NIDS and NIPS. This has evolved somewhat to HIPS and HIDS.

The people who understand the mechanisms these controls use to protect realize the strengths and limitations but as Richards post shows it is an evolving world.

What it ultimately comes down to is which mix of controls best fits the need of the organization you are part of and protects against the most likely threats you will face.

No comments: