RE: NIPS Vendors explicit answer

From: Teicher, Mark (Mark) (teicher_at_avaya.com)
Date: 04/27/04

  • Next message: Zhenwei Yu: "amount of alarms generated by IDS"
    Date: Tue, 27 Apr 2004 09:46:51 -0600
    To: "Vikram Phatak" <vphatak@lucidsecurity.com>, <focus-ids@securityfocus.com>
    
    

    I chuckle everytime I hear the word "IPS Shielding" since this was the
    marketing term previously used by Entercept.
    Would a NIPS vendor would like to explain their theory on IPS shielding
    of vulnerabilities, inquiring minds would like to know

    /cheers

    /mht
     

    -----Original Message-----
    From: Vikram Phatak [mailto:vphatak@lucidsecurity.com]
    Sent: Monday, April 26, 2004 07:07 PM
    To: focus-ids@securityfocus.com
    Subject: Re: NIPS Vendors explicit answer

    I agree with you Frank. I don't think IPS shielding vulnerabilities is
    a good long term solution. I like to think of it as a temporary
    stop-gap that buys people some time. There have been some cases where
    customers can't patch the system in question because it would break
    their home-made applications and therefore used it indefinately, but I
    personally would like to see that as a last resort. If for no other
    reason than that if people don't patch, the rules in the system will
    grow and grow and grow, performance will suffer, and eventually the
    benefit from prequalifying hosts by scanning for vulnerabilities will be
    eliminated.

    >>As far as looking the wrong way.... I would argue that some IPS
    >>vendors that have not reviewed the mission of IPS versus the mission
    >>of IDS are looking the wrong way :-)
    >>
    >>
    >
    >Is that why Gartner got confused? ;)
    >
    >
    Gartner does things for their own mysterious reasons. Only they know
    why they do what they do. ;)

    I think an IPS group makes a lot of sense (for whatever it's worth).

    Best,

        -Vik

    --
    Vikram Phatak
    CTO, Lucid Security
    http://www.lucidsecurity.com
    ------------------------------------------------------------------------
    ---
    ------------------------------------------------------------------------
    ---
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Zhenwei Yu: "amount of alarms generated by IDS"