Joe wrote ....
... "infrastructure IPS".... allows the NADS to find
the
piece of network infrastructure closest to the
threat
(router, switch, firewall, etc.) and take blocking
action
there in order to quarantine the attack.
Can you point me to some info on the infrastructure
examples where this would work? Sounds like a great
concept but when I evaluated Lancope last year, I
don't remember this feature being present at the time.
...However, in speaking with customers, it [IPS] is
too
costly to deploy in a scenario that can give you
adequate network visibility or proper blocking
capabilities inside your organization.
Just because it is costly does not mean it is not a
good security solution. It just means that the
solution is expensive.. but it does exist. I am
fighting this battle now trying to get IPS deployed
everywhere possible. My justification... I either get
one security analyst per critical segment and charge
him with watching 24x7x365 and responding within 10
seconds or I deploy IPS. The IPS solution is cheaper
and more practical.
I too share your sentiment about IPS being sold as the
"silver bullet." I wanted it to be. I tried it... and
it was not. It is another tool in the infrastructure
tool kit.
Regards,
Hassan Karim, CISSP
Send instant messages to your online friends http://uk.messenger.yahoo.com
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
