
| Subject: | RE: RE: Which is the most widely deployed commercial IPS |
|---|---|
| Date: | Thu, 27 Apr 2006 15:09:23 -0700 |
Where am I going with this...? My biggest concern for the deployment I am targeting is False Positives. I definitely want the signature to be in blocking-mode out of the box. I am seeing companies like ISS ship many signatures in non-blocking mode, which at least for me is useless. What's the point having the customer try to figure out if a signature should be switched back to blocking or not? So a product like that is definitely out of the running.
Could do with some feedback from customers on here to help cut through the marketing and false claims.

Well, keep in mind that everybody on this list is going to portray whatever they sell, support or adore as sounding great. So, it's difficult if not impossible to avoid bias and false claims.

That much said, no IPS is going to be perfect out of the box. You have to invest in tuning and analysis to get them in a sweet spot. Moreover, every environment is different. So even though a vendor or reseller may say "this is what the big boys use", that doesn't mean it will work for you.

I would suggest you write down a set of requirements for an IPS. Then pick off the top 3 or 4 IPS vendors, demo their gear, and figure out which product fits best with your requirements. Don't trust what we say, get the gear in front of you and use it. That's a much more appropriate way to test which solution works.

Furthermore, you might want to consider using a managed security provider to manage your IPS. If you're not sure what signatures to turn on or off, let third-party experts manage this for you.

Oh, and one last note. Symantec's host and network products are totally different. So, your experiences in one (their host AV product) won't apply with their network products.

_____________________________________

Andrew Plato, CISSP
President / Principal Consultant
ANITIAN ENTERPRISE SECURITY
Your Expert Partner for Security & Networking
3800 SW Cedar Hills Blvd, Suite 280
Beaverton, OR 97005
503-644-5656 Office
503-214-8069 Fax
503-201-0821 Mobile
www.anitian.com

PGP/GPG public key available at: http://www.anitian.com/corp/keys.htm

NOTICE: This email may contain confidential information, and is for the sole use of the intended recipient. If you are not the intended recipient, please reply to the message and inform the sender of the error and delete the email and any attachments from your computer.