Re: IPS, alternative solutions

From: Scott Wimer (scottw_at_cylant.com)
Date: 09/15/04

  • Next message: Yusuf Wilajati Purna: "LIDS 1.2.2rc3 for Linux kernel 2.4.27 released" 
    To: Jason <security@brvenik.com>
Date: Wed, 15 Sep 2004 15:52:51 -0400

    I don't think it is easier or more cost effective. This is merely my
    observation of what they _want_, not what they can have. :)

    Scott Wimer
    On Wed, 2004-09-15 at 15:47, Jason wrote:
    > I've heard of no medium+ sized business that is considering deploying
    > inline technology on the internals of the network in a sufficiently
    > pervasive manner that there would be any measurable benefit from the
    > technology over patching and asset management.
    >
    > I would be seriously interested in an ROI that can demonstrate savings.
    >
    > The simple question is how is inline packet scrubbing easier and more
    > cost effective than patching?
    >
    > Scott Wimer wrote:
    >
    > > Daniel,
    > >
    > > I agree with your assessment. What I have encountered in the
    > > financial sector though is a desire to have the packets "scrubbed"
    > > before they reach the servers. People _want_ to deploy network based
    > > IPS tools because it is easier and more cost effective. That it
    > > doesn't seem to be possible yet is another story altogether.
    > >
    > > Regards, Scott Wimer
    > >
    > > On Tue, 2004-09-14 at 06:01, Daniel wrote:
    > >
    > >> So far there has been a load of talk discussing which is the better
    > >> technology. Personally i dont think IPS is ready for the big time.
    > >> Yeah its great for small mum and dad networks, but for large
    > >> financial networks with billions of pounds flowing across them,
    > >> would you trust a technology to think and block what it seems as
    > >> bad traffic?
    > >>
    > >> So what are the alternatives? I'd say more host based protection
    > >> such as:
    > >>
    > >> - Stack protection - Application level firewalls
    > >> (ModSecurity/SecureIIS) - Host based firewalls
    > >>
    > >> I'm interested to see what everyone else feels are alternatives to
    > >> IPS
    > >>
    > >>
    > >> --------------------------------------------------------------------------
    > >> Test Your IDS
    > >>
    > >> Is your IDS deployed correctly? Find out quickly and easily by
    > >> testing it with real-world attacks from CORE IMPACT. Go to
    > >> http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    > >> to learn more.
    > >> --------------------------------------------------------------------------
    >

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
    --------------------------------------------------------------------------

  • Next message: Yusuf Wilajati Purna: "LIDS 1.2.2rc3 for Linux kernel 2.4.27 released"