Wishlist for IPS Products

From: PS R (secureyourself_at_gmail.com)
Date: 09/10/04

    Date: Fri, 10 Sep 2004 10:18:27 -0400
    To: focus-ids@securityfocus.com

    I have seen a lot of discussion about the differences between IDS,
    IPS, and firewalls and the potential for convergence, but I do not
    recall a discussion on the primary features that an IPS should have
    out of the box.

    I am thinking of:
    - Flow Control - limitations on flooding, unused connections, etc.
    - Robust, ACCURATE signature base
    - Packet capture - no debate on how much before, as that has been covered
    - Pre-deployment network analysis tools to accelerate deployment
    - Anomaly detection
    - Alert export compatibility with 3rd party event management solutions

    It seems like discussions of this type can only serve to improve the
    products on the market (or coming to the market), since we know at
    least some of the vendors are monitoring this list.

