Wishlist for IPS Products

From: PS R (secureyourself_at_gmail.com)
Date: 09/10/04

    Date: Fri, 10 Sep 2004 10:18:27 -0400
    To: focus-ids@securityfocus.com
    
    

    I have seen a lot of discussion about the differences between IDS,
    IPS, and firewalls and the potential for convergence, but I do not
    recall a discussion on the primary features that an IPS should have
    out of the box.

    I am thinking of:
    - Flow Control - limitations on flooding, unused connections, etc...
    - Robust, ACCURATE signature base
    - Packet capture - no debate on how much before, as that has been covered
    - Pre-deployment network analysis tools to accelerate deployment
    - Anomaly detection
    - Alert export compatibility with 3rd party event management solutions

    It seems like discussions of this type can only serve to improve the
    products on the market (or coming to the market), since we know at
    least some of the vendors are monitoring this list.

    Jack
