RE: Changes in IDS Companies?

From: Avi Chesla (avic@V-Secure.com)
Date: 10/16/02 

From: Avi Chesla <avic@V-Secure.com>
To: "'J. Foobar'" <jfoobar1@yahoo.com>, focus-ids@securityfocus.com
Date: Wed, 16 Oct 2002 11:58:46 +0200

I agree that advanced and aggressive HIDS are essential security components
and can covers a lot of servers and hosts vulnerabilities that no other
product can
Network monitors are good research and analysis tool that will help the
experts to figure out what is wrong with the traffic (not in real-time). I
think that the future is one or few Intrusion Prevention Systems that sit
in-line in the gateway of the organization (before or after the router),
these products will detect and prevent network attacks in real-time. The IPS
will receive security information coming from the HIDS (attacks that only
HIDS can detect) and will block the hackers in the gateway to the
organization before trying to hurt other hosts (without installed HIDS). I
think this is a good security platform that will be implemented in the
future (with other security product such as FW etc,).

Avi Chesla
Director of Research
Vsecure Technologies, Inc.
Www.v-secure.com
      

-----Original Message-----
From: J. Foobar [mailto:jfoobar1@yahoo.com]
Sent: Wednesday, October 16, 2002 8:10 AM
To: Avi Chesla; focus-ids@securityfocus.com
Cc: 'Samuel Cure'
Subject: RE: Changes in IDS Companies?

I remember reading an article on SF a year or more ago
entitled "The Future of IDS" or something to that
effect, wherein the author predicted the demise of
separate NIDS and HIDS to be replaced with reactive all-encompassing systems
relying on a few carefully placed network monitors and aggressively reactive
host-based systems.

Was he right?

--- Avi Chesla <avic@V-Secure.com> wrote:
> I totally agree with you. Next generation IDS ,also
> being called Intrusion
> Prevention Systems or Perimeter Security devices are
> the next step in the
> evolution of the Traditional Intrusion Detection
> Systems. Vendors such as
> Intruvert, Tipping point , Vsecure Technologies ,
> Lancope, Forescout ,
> TopLayer (Mitigator) etc, are example of some.
> All these vendors claim to have an Intrusion
> Prevention Systems which
> usually has some kinds of Adaptive capabilities,
> they do behavioral and
> protocol analysis and do not based on attack
> signature (most of them) , they
> sit in-line (most of them), they mitigate attack
> without be depended in
> other products to do the blocking...
>
> Best Regards,
>
> Avi Chesla
> Director of Research
> Vsecure Technoliges, Inc.
> www.v-secure.com
>
> -----Original Message-----
> From: Samuel Cure [mailto:scure@netpierce.net]
> Sent: Monday, October 14, 2002 10:54 PM
> To: focus-ids@securityfocus.com
> Subject: Changes in IDS Companies?
>
>
> Just noticing some changes with some known IDS
> companies and wanted some
> feedback from the community. Because Marcus Ranum
> left NFR earlier this year
> and Ron Gula has left Enterasys Networks, I am
> questioning the future of
> some early-on IDS companies. I mentioned some time
> ago that the IDS market
> will eventually consolidate and it seems like things
> are moving in that
> direction.
>
>
> To further enforce my point, word on the street is TippingPoint is now
> seeking for someone to buy them out. Does anyone
> else have anything that
> could help validate this or these types of trends in
> IDS companies?
>
>
>
> Thanks in advance!
>
> -------------------
> Samuel J. Cure
> Security Specialist
> NetPierce Security Services
> www.netpierce.net
> -------------------
>

__________________________________________________
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com
*** eSafe scanned this email for malicious content ***
*** IMPORTANT: Do not open attachments from unrecognized senders ***

Relevant Pages

  • RE: Host Based IDS Recommendations?
    ... Secuplat HIDS for NT. ... It have server agent based features. ... should collect all attack, file change auditing data, User security breaking ... Better Management for Network Security ...
    (Focus-IDS)
  • Re: NIDS and HIDS
    ... > I just recently started a new job as a network security analyst and one ... > personal firewall, HIDS, and anti-virus capability. ...
    (Focus-IDS)
  • SecurityFocus Microsoft Newsletter #50
    ... Subject: SecurityFocus Microsoft Newsletter #50 ... Specialist in Microsoft's Security Services Partner Program, ... Network Monitoring for Intrusion Detection ... Relevant URL: ...
    (Focus-Microsoft)
  • << SBS News of the week - Sept 26 >>
    ... And he points to the info you need to put the file on the server in the ... at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... by the firewall at risk. ...
    (microsoft.public.backoffice.smallbiz2000)
  • Re: << SBS News of the week - Sept 26 >>
    ... > And he points to the info you need to put the file on the server in the ... > at the network perimeter. ... The Symantec Firewall/VPN and the Gateway Security ... An attacker can exploit these flaws in tandem via specially ...
    (microsoft.public.backoffice.smallbiz2000)
Quantcast