Re: NIPS Vendors explicit answer

From: Vikram Phatak (vphatak_at_lucidsecurity.com)
Date: 04/27/04

  • Next message: Vikram Phatak: "Re: NIPS Vendors explicit answer"
    Date: Mon, 26 Apr 2004 21:06:41 -0400
    To: focus-ids@securityfocus.com
    
    

    I agree with you Frank. I don't think IPS shielding vulnerabilities is
    a good long term solution. I like to think of it as a temporary
    stop-gap that buys people some time. There have been some cases where
    customers can't patch the system in question because it would break
    their home-made applications and therefore used it indefinately, but I
    personally would like to see that as a last resort. If for no other
    reason than that if people don't patch, the rules in the system will
    grow and grow and grow, performance will suffer, and eventually the
    benefit from prequalifying hosts by scanning for vulnerabilities will be
    eliminated.

    >>As far as looking the wrong way.... I would argue that some IPS
    >>vendors that have not reviewed the mission of IPS versus the mission
    >>of IDS are looking the wrong way :-)
    >>
    >>
    >
    >Is that why Gartner got confused? ;)
    >
    >
    Gartner does things for their own mysterious reasons. Only they know
    why they do what they do. ;)

    I think an IPS group makes a lot of sense (for whatever it's worth).

    Best,

        -Vik

    -- 
    Vikram Phatak
    CTO, Lucid Security
    http://www.lucidsecurity.com
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Vikram Phatak: "Re: NIPS Vendors explicit answer"