Andrew Plato wrote: > IPS is far from immature. The first in-line IPS was BlackICE Guard. I > installed one of the first in late 1999.
The first IDS paper dates in the 80s. Still, I would not say IDS, or IPS, are a mature technology. It's not a point of being old - it's a point of being EFFECTIVE. > A well tuned IPS can be pretty lean on > false positives. Standard considerations apply, as for IDS > a few POSSIBLE disruptions > due to false positives, or getting hacked and 0wn3d and losing your > business. You are implying that the likelyhood of the IPS stopping a nasty attack are way above the likelyhood of false positives. This is exactly what you're trying to prove ;) > Firewalls are not IPSs. I see less and less difference among the two. > IDS may not be dead, but its value is diminishing. IPS is just the reactive sort of IDS, so the debate on IDS vs. IPS is not very interesting... > Moreover, the value of an IDS diminishes even more if you lack in-house > analytical capabilities. If you don't have those capabilities, how are you going to setup an IPS, exactly ? > These are, of course, my opinions. And naturally, I have a vested > interest in people buying more IPSs - because I sell them. I don't :) Stefano ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
