I went to Interop today (not Friday 9/22 like I initially posted) and was very disappointed. Maybe it was the venue but the turnout from both vendors and people roaming the floor seems way off. I was working a booth for last years Interop in Las Vegas. There was a hell of a lot more activity going on there. Mike Rothman had some good observations about the show posted here. As Mike pointed out Cisco not showing up was very strange.
I am still amazed at all the different flavors of NAC products at the show. Some are client based and some clientless. A couple are the RADIUS server and others are just a proxy. There are both pre and post admission NAC. Most support 802.1x in some fashion. I did have a NAC vendor tell me that 802.1x was a “non-starter” and they were not putting much effort into it. Okay then……
The interesting ones are those that have IPS functionality on the device. One vendor made the crucial mistake of telling me they don’t use signatures for their IPS functionality therefore they can detect all 0-Day attacks. They do traffic anomaly / NBAD / NADS stuff. I fire back and ask them how they can detect something like SQL Slammer without a signature. After the sales guy gave me the deer in the headlights look he asked the engineer to come over. He finally said there would have to be a detectable traffic change to pick up on it. IPS vendors listen up, Network Anomaly Detection does not instantly give you 0-Day detection super powers, despite what your marketing trolls tell you. Arghhhh…
–Chris
Technorati Tags: Interop, NAC, 802.1x, IPS, RADIUS, SQL Slammer
Leave a Reply