re[2]: Gateway IDS

From: Christopher Cantrell (cantrell@onesecure.com)
Date: 06/27/02


Date: Thu, 27 Jun 2002 06:46:01 -0600
From: Christopher Cantrell <cantrell@onesecure.com>
To: Frank Knobbe <fknobbe@knobbeits.com>, "Hiemstra, Brenno" <brenno.hiemstra@ignite.nl>

Hi Frank,

>> While nice in concept, I doubt that these gateway IDS will find wide
>> acceptance due to their latency. Signature sets are growing, protocols
>> are added, but at the same time, bandwidth demand is increasing. I doubt
>> GIDS will win that race...

I think you have a great point about latency, but it is interesting to hear you don't believe in wide acceptance due to latency. 5 years ago, some people thought this about firewalls, and now they have become a critical component to the security of a network. The advancements in that technology proved not to impact performance. The advancements being made now in IDS technology (layer 2 and layer 3 support, high availability, load-balanced, STP, stateful (context-based) signatures, etc.) all lead to products which can be integrated inline while providing packet processing "and" threat detection at speeds similar to firewalls today. With these rapid developments being made, I would argue there will be a mass mindset shift to implement inline over passive devices in the next 12 months.

Just my 2 cents

Best regards,
-chris