Re: Recent Gartner IDS/IPS report
From: Andreas Hess (andi_hess_at_web.de)
Date: 06/19/03
- Previous message: Srinivasa Rao Addepalli: "Re: Recent anti-NIDS Gartner article"
- In reply to: Gary Golomb: "Recent Gartner IDS/IPS report"
- Next in thread: Golomb, Gary: "RE: Recent Gartner IDS/IPS report"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 19 Jun 2003 16:54:55 +0200 To: focus-ids@securityfocus.com
Hi,
I have just a short question. I can see the benefit of an IPS, namely
that it is possible to prevent certain attacks.
But still, an IDP is prone to false positives, in the same was as an IDS
- or did I miss something?
The evaluation process whether or not an attack is taking place does not
differ from what an IDS does. There are no new techniques!
Certainly, it is possible to combine different analysis technologies and
perhaps this also pais out but this is not said!
To my opinion it makes sense to block attacks which can be reliably
identified, but what about the others?
The limiting factor is still the rate of false alarms!
Regards
Andreas
-------------------------------------------------------------------------------
Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
world's premier technical IT security event! 10 tracks, 15 training sessions,
1,800 delegates from 30 nations including all of the top experts, from CSO's to
"underground" security specialists. See for yourself what the buzz is about!
Early-bird registration ends July 3. This event will sell out. www.blackhat.com
-------------------------------------------------------------------------------
- Previous message: Srinivasa Rao Addepalli: "Re: Recent anti-NIDS Gartner article"
- In reply to: Gary Golomb: "Recent Gartner IDS/IPS report"
- Next in thread: Golomb, Gary: "RE: Recent Gartner IDS/IPS report"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
