RE: Changes in IDS Companies?

From: Avi Chesla (avic@V-Secure.com)
Date: 10/15/02 

From: Avi Chesla <avic@V-Secure.com>
To: focus-ids@securityfocus.com
Date: Tue, 15 Oct 2002 10:45:50 +0200

I totally agree with you. Next generation IDS ,also being called Intrusion
Prevention Systems or Perimeter Security devices are the next step in the
evolution of the Traditional Intrusion Detection Systems. Vendors such as
Intruvert, Tipping point , Vsecure Technologies , Lancope, Forescout ,
TopLayer (Mitigator) etc, are example of some.
All these vendors claim to have an Intrusion Prevention Systems which
usually has some kinds of Adaptive capabilities, they do behavioral and
protocol analysis and do not based on attack signature (most of them) , they
sit in-line (most of them), they mitigate attack without be depended in
other products to do the blocking...

Best Regards,

Avi Chesla
Director of Research
Vsecure Technoliges, Inc.
www.v-secure.com

-----Original Message-----
From: Samuel Cure [mailto:scure@netpierce.net]
Sent: Monday, October 14, 2002 10:54 PM
To: focus-ids@securityfocus.com
Subject: Changes in IDS Companies?

Just noticing some changes with some known IDS companies and wanted some
feedback from the community. Because Marcus Ranum left NFR earlier this year
and Ron Gula has left Enterasys Networks, I am questioning the future of
some early-on IDS companies. I mentioned some time ago that the IDS market
will eventually consolidate and it seems like things are moving in that
direction.

To further enforce my point, word on the street is TippingPoint is now
seeking for someone to buy them out. Does anyone else have anything that
could help validate this or these types of trends in IDS companies?

Thanks in advance!

-------------------
Samuel J. Cure
Security Specialist
NetPierce Security Services
www.netpierce.net
-------------------

Relevant Pages

  • RE: False Positives
    ... > when no actual exploited attack has ... > when attackers attempt to overload an IDS' alert processing ... > Subject: False Positives ... > IntruShield now offers unprecedented Intrusion IntelligenceTM ...
    (Focus-IDS)
  • RE: IDS failures and avoiding them (WAS: Rather funny; looks like page defacement to me)
    ... Intrusion Analyst aboard an Aircraft Carrier, where my full time job was ... doing Intrusion Detection, I would tend to agree with the assessment ... of false positives that are being generated by your "MUST HAVE" IDS ... your network load is maxing out your 100 Mbps cards on the periphery, ...
    (Focus-IDS)
  • RE: Rather funny; looks like page defacement to me
    ... another security tool (VA, AV, firewall, etc.) that could have done the job ... I am not saying the IDS are always useless, but they are most useful as ... they denigrate Intrusion Prevention Systems and hail ...
    (Focus-IDS)
  • Re: "false positive" inanity
    ... So Mr. Snyder is asking for an IDS that does not need to be configured? ... maximum control of his/her network. ... attack. ... > assuming that it is not an intrusion. ...
    (Focus-IDS)
  • RE: False Positives
    ... There isn't an IDS system that will not report "false positives" ... tools are not actually attacking but testing, and they report an attack, ... > IntruShield now offers unprecedented Intrusion IntelligenceTM ...
    (Focus-IDS)