Re: IPS technology question.

From: planz (planz2009_at_gmail.com)
Date: 08/24/05

    Date: Wed, 24 Aug 2005 10:13:40 +0800
    To: snort user <snort.user@gmail.com>
    
    

    I don't get what you mean by "Percentage", since we have an uncounted
    number of vendors/brands of IPS today.

    If you look at the technology angle, the vendors who are offering both
    Software and Appliance versions of the same IPS fall into the first
    category. To take a look back at the market, we find only very few
    vendors, like ISS, Snort, Dragon, ...hmmm.. Can somebody help to
    fill up the list?

    Whether it is IDS or IPS, it is important to look at the Detection
    Technology. If it cannot detect, how can it alert or prevent?

    In an IPS world, the firewall plays behind the scenes, since the IDS is
    configuring the built-in firewall feature to block.

    snort user wrote:

    >Greetings.
    >
    >What percentage of the IPS systems out there do not use
    >co-processors/FPGA etc.?
    >
    >What percentage of the IPS systems depend on firewalls like iptables
    >and ip filter?
    >
    >I am just trying to get an idea of what is the state of the art in the IPS
    >technology space.
    >
    >Any information is appreciated.
    >
    >Thanks
    >
    >------------------------------------------------------------------------
    >Test Your IDS
    >
    >Is your IDS deployed correctly?
    >Find out quickly and easily by testing it
    >with real-world attacks from CORE IMPACT.
    >Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708
    >to learn more.
    >------------------------------------------------------------------------
