RE: Network IDS
From: Steffen Kluge (kluge_at_fujitsu.com.au)
Date: 08/22/03
- Previous message: Steffen Kluge: "Re: Network IDS"
- In reply to: Robert.Lupo_at_nokia.com: "RE: Network IDS"
- Next in thread: Andreas Krennmair: "Re: Network IDS"
To: focus-ids@securityfocus.com
Date: Fri, 22 Aug 2003 12:04:20 +1000
On Wed, 2003-08-20 at 05:52, Robert.Lupo@nokia.com wrote:
> I have seen time and time again people buying a product, getting
> vendor training and then viewing the logs and thinking "wo ho! I have
> IDS!" but do you know how to write your own rules, signatures, analyze
> the traffic for what your company needs?
If they don't then that "woohoo!" will quickly turn into a "curse that
wretched IDS!". The system will swamp them with logs, the sheer amount
of which will make it near impossible to spot the interesting bits among
the noise. In the end they will concede that the whole IDS idea was an
expensive flop.
I believe this is part of the sentiment the Gartner article reflects.
Of course, commercial NIDS vendors have only themselves to blame for
this backlash. While they were busy grabbing a slice of the market the
new IDS buzzword created they neglected (or forgot, or avoided) to tell
customers that IDS is a tool that's only useful in skilled hands.
Cheers
Steffen.
- application/pgp-signature attachment: This is a digitally signed message part