2 comments

[ 3.5 ms ] story [ 17.7 ms ] thread
Are there security appliances which use virtualization for sandboxing of unsafe parsers, like Qubes does on endpoints?
I would add one question for the prospective customer of such an appliance: why do you need it?

Why do you need an appliance analyzing all your network traffic in real time? And if you truly do need such an appliance, why does it need to be connected to anything other than mirror ports (where it cannot transmit) and a dedicated console which is not connected to the rest of the network?

If some clever attacker ruins your pervasive-surveillance appliance, you will have lost nothing other than a bit of time if you did not connect it to a network it can use to exfiltrate your data. But if you installed all the plumbing, don't be surprised when someone flushes a giant turd down your tubes.