RE: Top IPS vendors - please read for invitation to Network World review.

From: Mark Teicher (mht3_at_earthlink.net)
Date: 08/28/03

Next message: Mark Teicher: "RE: Network IDS"

Previous message: Chan Kien Eng: "RE: Top IPS vendors - please read for invitation to Network World review."
Maybe in reply to: Zach Forsyth: "RE: Top IPS vendors - please read for invitation to Network World review."
Next in thread: William Bradd: "RE: Top IPS vendors - please read for invitation to Network World review."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 27 Aug 2003 23:39:41 -0600
To: "Zach Forsyth" <Zach.Forsyth@kiandra.com>, "Paul Schmehl" <pauls@utdallas.edu>, <focus-ids@securityfocus.com>, <seth.knox@sygate.com>

Zach,

You are exactly correct, PREVENTION is key to the technology, most IPS
products that are available today have an underlying IDS piece with some
basic PREVENTION functionality (i.e. TCP SNIPE, TCP RESET), but not enough
PREVENTION to fully analyze the transaction. IPS are not easily applicable
to SAP based applications..

/mark

At 10:36 PM 8/27/2003, Zach Forsyth wrote:

> >-----Original Message-----
> >From: Mark Teicher [mailto:mht3@earthlink.net]
> >Sent: Wednesday, 27 August 2003 22:30 PM
> >To: Paul Schmehl; focus-ids@securityfocus.com; seth.knox@sygate.com
> >Subject: Re: Top IPS vendors - please read for invitation to Network
>World review.
> >
> >
> >The real question I have is what defines an IPS product versus an IDS..
>IDS
> >is obvious, but IPS, it is a very tough definition
>
>Intrusion DETECTION system
>
>Intrusion PREVENTION system
>
>Seems fairly fundamental to me...I think I know what you are trying to
>say though, keep referring back to the word prevention :)

---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), October 1-2 (Briefings) in Tysons Corner, VA; the worlds premier
technical IT security event. Modeled after the famous Black Hat event in
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.
Symanetc is the Diamond sponsor. Early-bird registration ends September 6 Visit: www.blackhat.com
---------------------------------------------------------------------------

Next message: Mark Teicher: "RE: Network IDS"

Previous message: Chan Kien Eng: "RE: Top IPS vendors - please read for invitation to Network World review."
Maybe in reply to: Zach Forsyth: "RE: Top IPS vendors - please read for invitation to Network World review."
Next in thread: William Bradd: "RE: Top IPS vendors - please read for invitation to Network World review."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: IPS technology question.
... The Intrusion Prevention technology is in quite an exciting phase. ... these devices aren't even worthy of being called an IPS, ... used instead of producing the costly and painstaking FPGA-based ... protocol decoding is also seeing some interesting trends. ...
(Focus-IDS)
Re: Top IPS vendors - please read for invitation to Network World review.
... Top IPS vendors - please read for invitation to Network World ... Attend Black Hat Briefings & Training Federal, September 29-30, ... Modeled after the famous Black Hat event in ... Symanetc is the Diamond sponsor. ...
(Focus-IDS)
RE: Increase in scans on TCP port 1 (tcpmux)?
... decreasing IP ranges. ... down infected boxes with decreasing IPs and initiating ... Modeled after the famous Black Hat event in ... Symantec is the Diamond sponsor. ...
(Incidents)