RE: eEye Blink and other Endpoint IPS solutions.

mashraf_at_hushmail.com
Date: 06/30/05


Date: Thu, 30 Jun 2005 04:27:25 -0700
To: <focus-ids@securityfocus.com>

Hi,

Just wanted to say thanks for all your replies, here and emailed!
There were some valuable comments and suggestions especially
considering I gave so little information in my original questions.
I've been working with IDS for a few years now and it has been
problematic and ultimately judged unsuccessful by any currently
meaningful criteria. Business requirements have changed so much in
the last 3 or 4 years that what was once intended as a perimeter
monitoring tool has ended up being judged on its ability to detect
internal intrusions. This meant deploying unmanageable numbers of
Snort sensors, being completely overwhelmed by the false alerts and
spending countless hours fine-tuning signatures on a server-by-server
basis. I know many of you must have had similar problems.

I'd love to have a NIP appliance that could protect the entire
server subnet but with 50 or more MS servers each connected by dual
gigabit ethernet to switches with a notional backplane throughput
of 64Gbs I think I may be being a bit optimistic! I've yet to find
a NIPS that even claims to be able to exceed 5Gbs so I think that
my only real option is something host based and maybe a couple of
perimeter NIP devices for DDoS protection if I decide the risk
warrants the cost.

I can't imagine that our requirements are so very different from
other much larger organisations so it is strange that so many IPS
companies seem hung up on perimeter defence while the rest of the
security industry has changed.

On the plus side it makes evaluating the options much easier when
there seem to be only Cisco and eEye in the marketplace :)

Thanks,
Mina

