RE: Changes in IDS Companies?

From: Karl Lynn (klynn@stackheap.org)
Date: 10/16/02


Date: Wed, 16 Oct 2002 19:35:02 +0000 (GMT)
From: Karl Lynn <klynn@stackheap.org>
To: <focus-ids@securityfocus.com>

IDS's have been using reactive measures for some time now (sending RST
packets, reconfiguring firewalls, etc.). This usually isn't a
function that the vendor will have configured out of the box, but the
technology has been there. I think I would have to agree with Marty on
this one; I like the layered effect as opposed to one device handling the
work and load of many. I also agree that the method of IPS has not been
addressed at all angles, such as bandwidth and false-positive rates, but most
importantly the impact of the false positive, since your IPS is basically
interacting with firewalls, sending RST packets, or even doing the
blocking itself. I'd like to see the IDS evolve into a more interactive
product which works with multiple security devices within the network, like
firewalls, routers, vulnerability scanners, etc. The last thing I
want is something that got pushed out the door because of "buzz word bingo".
Not to say it's a bad idea or anything, but get the IDS down right, then let's talk
IPS.

-Karl

On Tue, 15 Oct 2002, J. Foobar wrote:

> I remember reading an article on SF a year or more ago
> entitled "The Future of IDS" or something to that
> effect, wherein the author predicted the demise of
> separate NIDS and HIDS to be replaced with reactive
> all-encompassing systems relying on a few carefully
> placed network monitors and aggressively reactive
> host-based systems.
>
> Was he right?
>
> --- Avi Chesla <avic@V-Secure.com> wrote:
> > I totally agree with you. Next-generation IDS, also
> > being called Intrusion
> > Prevention Systems or Perimeter Security devices, are
> > the next step in the
> > evolution of the traditional Intrusion Detection
> > Systems. Vendors such as
> > Intruvert, Tipping point, Vsecure Technologies,
> > Lancope, Forescout,
> > TopLayer (Mitigator), etc. are examples of some.
> > All these vendors claim to have an Intrusion
> > Prevention System which
> > usually has some kind of adaptive capabilities;
> > they do behavioral and
> > protocol analysis and are not based on attack
> > signatures (most of them), they
> > sit in-line (most of them), they mitigate attacks
> > without depending on
> > other products to do the blocking...
> >
> > Best Regards,
> >
> > Avi Chesla
> > Director of Research
> > Vsecure Technologies, Inc.
> > www.v-secure.com
> >
> > -----Original Message-----
> > From: Samuel Cure [mailto:scure@netpierce.net]
> > Sent: Monday, October 14, 2002 10:54 PM
> > To: focus-ids@securityfocus.com
> > Subject: Changes in IDS Companies?
> >
> >
> > Just noticing some changes with some known IDS
> > companies and wanted some
> > feedback from the community. Because Marcus Ranum
> > left NFR earlier this year
> > and Ron Gula has left Enterasys Networks, I am
> > questioning the future of
> > some early-on IDS companies. I mentioned some time
> > ago that the IDS market
> > will eventually consolidate and it seems like things
> > are moving in that
> > direction.
> >
> >
> > To further enforce my point, word on the street is
> > TippingPoint is now
> > seeking someone to buy them out. Does anyone
> > else have anything that
> > could help validate this or these types of trends in
> > IDS companies?
> >
> >
> >
> > Thanks in advance!
> >
> > -------------------
> > Samuel J. Cure
> > Security Specialist
> > NetPierce Security Services
> > www.netpierce.net
> > -------------------
> >
>


