Re: NIPS Vendors explicit answer
From: Vikram Phatak (vphatak_at_lucidsecurity.com)
Date: 04/27/04
- Previous message: Tiago Filipe Dias: "RE: Logs correlation (again)"
- In reply to: Frank Knobbe: "Re: NIPS Vendors explicit answer"
- Next in thread: Rob Shein: "RE: NIPS Vendors explicit answer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 26 Apr 2004 21:06:41 -0400 To: focus-ids@securityfocus.com
I agree with you Frank. I don't think IPS shielding vulnerabilities is
a good long term solution. I like to think of it as a temporary
stop-gap that buys people some time. There have been some cases where
customers can't patch the system in question because it would break
their home-made applications and therefore used it indefinately, but I
personally would like to see that as a last resort. If for no other
reason than that if people don't patch, the rules in the system will
grow and grow and grow, performance will suffer, and eventually the
benefit from prequalifying hosts by scanning for vulnerabilities will be
eliminated.
>>As far as looking the wrong way.... I would argue that some IPS
>>vendors that have not reviewed the mission of IPS versus the mission
>>of IDS are looking the wrong way :-)
>>
>>
>
>Is that why Gartner got confused? ;)
>
>
Gartner does things for their own mysterious reasons. Only they know
why they do what they do. ;)
I think an IPS group makes a lot of sense (for whatever it's worth).
Best,
-Vik
-- Vikram Phatak CTO, Lucid Security http://www.lucidsecurity.com --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Tiago Filipe Dias: "RE: Logs correlation (again)"
- In reply to: Frank Knobbe: "Re: NIPS Vendors explicit answer"
- Next in thread: Rob Shein: "RE: NIPS Vendors explicit answer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
