RE: IPS (was: [fw-wiz] Sources for Extranet Designs?)

From: Marcus J. Ranum (mjr_at_ranum.com)
Date: 03/08/04

  • Next message: Paul Robertson: "Re: [fw-wiz] AIM to iChat AV" 
    To: "Stiennon,Richard" <Richard.Stiennon@gartner.com>, "Ben Nagy" <ben@iagu.net>, <firewall-wizards@honor.icsalabs.com>
Date: Sun, 07 Mar 2004 18:31:10 -0500

    I wrote (in response to Stiennon)
    >And since we've got you here....
    >
    >Can you explain how these "signatures" and "protocol anomaly" detectors
    >and "behavior and flow capabilities" are going to NOT suffer all the problems
    >with false positives that caused Gartner to announce that IDS was a
    >failure?

    Well, it's been a couple weeks since I posted that, and obviously the
    Gartner faction has crawled back under its rock and isn't going to pick
    up the glove. :( :( But, are we surprised...?

    That's the problem with these 'Industry analyst' types. Pinning them down
    is nearly impossible, because when they find themselves in an arena
    where the clue level is too high for them to peddle their bull-p00, they
    scurry off to someplace safe. They're like cockroaches - shine the harsh
    light of reason on them, and they've suddenly got an important meeting
    to attend someplace else. With some non-technical suit who won't
    call them on the obvious contradictions in their ex cathedra
    pronouncements.

    Of course the reason Stiennon didn't try to answer my question
    is because there *ISN'T* an answer. Gartner hyped the hell out
    of "Intrusion Prevention" because they were *paid* to do so. I find
    it extremely ironic that they hyped one "concept" technology by
    claiming that it's very underpinnings didn't work and were the
    "pet rock of computer security."

    I think that makes Gartner the "horse's buttocks" of analyst firms.

    mjr.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Paul Robertson: "Re: [fw-wiz] AIM to iChat AV"