Andrew Plato wrote:
> IPS is far from immature. The first in-line IPS was BlackICE Guard. I
> installed one of the first in late 1999.
The first IDS paper dates from the 80s. Still, I would not say IDS, or
IPS, are a mature technology. It's not a point of being old - it's a
point of being EFFECTIVE.
> A well tuned IPS can be pretty lean on
> false positives.
Standard considerations apply, as for IDS.
> a few POSSIBLE disruptions
> due to false positives, or getting hacked and 0wn3d and losing your
> business.
You are implying that the likelihood of the IPS stopping a nasty attack
is way above the likelihood of false positives. This is exactly what
you're trying to prove ;)
> Firewalls are not IPSs.
I see less and less difference between the two.
> IDS may not be dead, but its value is diminishing.
IPS is just the reactive sort of IDS, so the debate on IDS vs. IPS is
not very interesting...
> Moreover, the value of an IDS diminishes even more if you lack in-house
> analytical capabilities.
If you don't have those capabilities, how are you going to set up an IPS,
exactly?
> These are, of course, my opinions. And naturally, I have a vested
> interest in people buying more IPSs - because I sell them.
I don't :)
Stefano