Re: IPS, alternative solutions

• Previous message: Johann_van_Duyn_at_bat.com: "Re: IPS, alternative solutions"
• In reply to: Scott Wimer: "Re: IPS, alternative solutions"
• Next in thread: Scott Wimer: "Re: IPS, alternative solutions"
• Reply: Scott Wimer: "Re: IPS, alternative solutions"
• Reply: Jason Haar: "Re: IPS, alternative solutions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 15 Sep 2004 15:47:28 -0400
To: Scott Wimer <scottw@cylant.com>

I've heard of no medium+ sized business that is considering deploying
inline technology on the internals of the network in a sufficiently
pervasive manner that there would be any measurable benefit from the
technology over patching and asset management.

I would be seriously interested in an ROI that can demonstrate savings.

The simple question is how is inline packet scrubbing easier and more
cost effective than patching?

Scott Wimer wrote:

> Daniel,
>
> I agree with your assessment. What I have encountered in the
> financial sector though is a desire to have the packets "scrubbed"
> before they reach the servers. People _want_ to deploy network based
> IPS tools because it is easier and more cost effective. That it
> doesn't seem to be possible yet is another story altogether.
>
> Regards, Scott Wimer
>
> On Tue, 2004-09-14 at 06:01, Daniel wrote:
>
>> So far there has been a load of talk discussing which is the better
>> technology. Personally i dont think IPS is ready for the big time.
>> Yeah its great for small mum and dad networks, but for large
>> financial networks with billions of pounds flowing across them,
>> would you trust a technology to think and block what it seems as
>> bad traffic?
>>
>> So what are the alternatives? I'd say more host based protection
>> such as:
>>
>> - Stack protection - Application level firewalls
>> (ModSecurity/SecureIIS) - Host based firewalls
>>
>> I'm interested to see what everyone else feels are alternatives to
>> IPS
>>
>>
>> --------------------------------------------------------------------------
>> Test Your IDS
>>
>> Is your IDS deployed correctly? Find out quickly and easily by
>> testing it with real-world attacks from CORE IMPACT. Go to
>> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
>> to learn more.
>> --------------------------------------------------------------------------

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
--------------------------------------------------------------------------

• Previous message: Johann_van_Duyn_at_bat.com: "Re: IPS, alternative solutions"
• In reply to: Scott Wimer: "Re: IPS, alternative solutions"
• Next in thread: Scott Wimer: "Re: IPS, alternative solutions"
• Reply: Scott Wimer: "Re: IPS, alternative solutions"
• Reply: Jason Haar: "Re: IPS, alternative solutions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]