Andrew
While I can appreciate what you are saying, your own commercial position
makes it difficult to put much weight behind what you are saying. The sheer
number of people using snort sensors would seem to indicate other than what
you are saying. Also, the many products that give pure, vanilla snort a
polished commercial feel, are a fine match for many of the products you
mention. Our own freeware IPS, strata guard free
(http://www.stillsecure.org), which is snort based, is a perfect example of
this. It probably does as good a job on the false positives as any of the
"commercial" products you mention.
It is a wide market out there!
alan
StillSecure
Alan Shimel
Chief Strategy Officer
O 303.381.3815
C 516.857.7409
F 303.381.3881
email ashimel@stillsecure.com
blog http://ashimmy.typepad.com
www.stillsecure.com
The information transmitted is intended only for the person
to whom it is addressed and may contain confidential material.
Review or other use of this information by persons other than
the intended recipient is prohibited. If you've received
this in error, please contact the sender and delete
from any computer.
-----Original Message-----
From: Andrew Plato [mailto:andrew.plato@anitian.com]
Sent: Friday, April 07, 2006 12:05 PM
To: Will Metcalf
Cc: focus-ids@securityfocus.com
Subject: RE: IDS vs. IPS deployment feedback
I'm not saying that an IPS does not have value, I'm saying
it should be part of an overall security strategy, not your
end all solution for detecting and preventing intrusions,
as the view that it gives even the most novice analyst is
far too narrow.
Okay Will, here we agree. An IPS must be part of a larger security
strategy. It cannot stand alone. I completely agree with that.
However, I maintain my position that most businesses lack the analytical
capabilities to deploy resource intensive technologies (like SNORT).
Hence, commercial IPS that can filter off a set of known vulnerabilities
reduces the overall workload and offers a layer of protection. Also, the
majority of attacks in the wild are well-known and easily detected and
blocked.
_____________________________________
Andrew Plato, CISSP, CISM
President/Principal Consultant
ANITIAN ENTERPRISE SECURITY
Your Expert Partner for Security & Networking
3800 SW Cedar Hills Blvd, Suite 280
Beaverton, OR 97005
503-644-5656 Office
503-214-8069 Fax
503-201-0821 Mobile
www.anitian.com
_____________________________________
GPG public key available at: http://www.anitian.com/corp/keys.htm
_________________________________________________
NOTICE:
This email may contain confidential information,
and is for the sole use of the intended recipient.
If you are not the intended recipient, please reply
to the message and inform the sender of the error
and delete the email and any attachments from
your computer.
_________________________________________________
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
------------------------------------------------------------------------
Test Your IDS
Is your IDS deployed correctly?
Find out quickly and easily by testing it
with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
to learn more.
------------------------------------------------------------------------
