Re: Wishlist for IPS Products - HYBRID IPS

From: Andy Cuff (lists_at_securitywizardry.com)
Date: 09/12/04

  • Next message: David Maynor: "Re: Wishlist for IPS Products"
    To: "PS R" <secureyourself@gmail.com>, <focus-ids@securityfocus.com>
    Date: Sun, 12 Sep 2004 11:12:47 +0100
    
    

    Hey Jack,
    Great wish list and some of the vendors are moving towards much of this
    functionality. However, presently I see a divide in the technology; firstly
    rate based products which have been termed Attack Mitigation Systems and
    secondly content based products termed Intrusion Prevention Systems. As I
    mentioned earlier, many of the products focus on one or the other side of
    the divide, but increasingly offer both types of analysis in a hybrid
    fashion. Looking at your wishlist it appears you are aiming at the Hybrid
    IPS market.

    I have attempted to divide the 2 camps below.
    AMS http://securitywizardry.com/idsdosmit.htm
    Network IPS http://securitywizardry.com/inline.htm
    But I haven't looked at breaking out the various Hybrid IPS, if anyone
    wishes to take this on I will create the page, though with a 5 hour daily
    commute have very little time for online researching of the products (Hence
    I've been quiet for the last few weeks)

     -andy cuff
    Talisker's Computer Security Portal
    Computer Network Defence Ltd
    http://www.securitywizardry.com
    ----- Original Message -----
    From: "PS R" <secureyourself@gmail.com>
    To: <focus-ids@securityfocus.com>
    Sent: Friday, September 10, 2004 3:18 PM
    Subject: Wishlist for IPS Products

    > I have seen a lot of discussion about the differences between IDS,
    > IPS, and firewalls and the potential for convergence, but I do not
    > recall a discussion on the primary features that an IPS should have
    > out of the box.
    >
    > I am thinking of:
    > - Flow Control - limitations on flooding, unused connections, etc...
    > - Robust, ACCURATE signature base
    > - Packet capture - no debate on how much before, as that has been covered
    > - Pre-deployment network analysis tools to accelerate deployment
    > - Anomaly detection
    > - Alert export compatibility with 3rd party event management solutions
    >
    > It seems like discussions of this type can only serve to improve the
    > products on the market (or coming to the market), since we know at
    > least some of the vendors are monitoring this list.
    >
    > Jack
    >

