Andrew While I can appreciate what you are saying, your own commercial position makes it difficult to put much weight behind what you are saying. The sheer number of people using snort sensors would seem to indicate other than what you are saying. Also, the many products that give pure, vanilla snort a polished commercial feel, are a fine match for many of the products you mention. Our own freeware IPS, strata guard free (http://www.stillsecure.org), which is snort based, is a perfect example of this. It probably does as good a job on the false positives as any of the "commercial" products you mention.
It is a wide market out there! alan StillSecure Alan Shimel Chief Strategy Officer O 303.381.3815 C 516.857.7409 F 303.381.3881 email [EMAIL PROTECTED] blog http://ashimmy.typepad.com www.stillsecure.com The information transmitted is intended only for the person to whom it is addressed and may contain confidential material. Review or other use of this information by persons other than the intended recipient is prohibited. If you've received this in error, please contact the sender and delete from any computer. -----Original Message----- From: Andrew Plato [mailto:[EMAIL PROTECTED] Sent: Friday, April 07, 2006 12:05 PM To: Will Metcalf Cc: [email protected] Subject: RE: IDS vs. IPS deployment feedback > I'm not saying that an IPS does not have value, I'm saying > it should be part of an overall security strategy, not your > end all solution for detecting and preventing intrusions, > as the view that it gives even the most novice analyst is > far too narrow. Okay Will, here we agree. An IPS must be part of a larger security strategy. It cannot stand alone. I completely agree with that. However, I maintain my position that most businesses lack the analytical capabilities to deploy resource intensive technologies (like SNORT). Hence, commercial IPS that can filter off a set of known vulnerabilities reduces the overall workload and offers a layer of protection. Also, the majority of attacks in the wild are well-known and easily detected and blocked. _____________________________________ Andrew Plato, CISSP, CISM President/Principal Consultant ANITIAN ENTERPRISE SECURITY Your Expert Partner for Security & Networking 3800 SW Cedar Hills Blvd, Suite 280 Beaverton, OR 97005 503-644-5656 Office 503-214-8069 Fax 503-201-0821 Mobile www.anitian.com _____________________________________ GPG public key available at: http://www.anitian.com/corp/keys.htm _________________________________________________ NOTICE: This email may contain confidential information, and is for the sole use of the intended recipient. If you are not the intended recipient, please reply to the message and inform the sender of the error and delete the email and any attachments from your computer. _________________________________________________ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
