Re: NADS ( was RE: IPS comparison)

From: Seek Knowledge (aseeker03_at_yahoo.com)
Date: 08/31/05

    Date: Wed, 31 Aug 2005 12:44:19 +0100 (BST)
    To: Joseph Hamm <jhamm@lancope.com>, Stefano Zanero <s.zanero@securenetwork.it>, Daniel Cid <danielcid@yahoo.com.br>, Focus-Ids Mailing List <focus-ids@securityfocus.com>
    
    

    Joe wrote ....

    > ... "infrastructure IPS".... allows the NADS to find the
    > piece of network infrastructure closest to the threat
    > (router, switch, firewall, etc.) and take blocking action
    > there in order to quarantine the attack.

    Can you point me to some info on the infrastructure
    examples where this would work? Sounds like a great
    concept but when I evaluated Lancope last year, I
    don't remember this feature being present at the time.

    > ...However, in speaking with customers, it [IPS] is too
    > costly to deploy in a scenario that can give you
    > adequate network visibility or proper blocking
    > capabilities inside your organization.

    Just because it is costly does not mean it is not a
    good security solution. It just means that the
    solution is expensive.. but it does exist. I am
    fighting this battle now trying to get IPS deployed
    everywhere possible. My justification... I either get
    one security analyst per critical segment and charge
    him with watching 24x7x365 and responding within 10
    seconds or I deploy IPS. The IPS solution is cheaper
    and more practical.

    I too share your sentiment about IPS being sold as the
    "silver bullet." I wanted it to be. I tried it... and
    it was not. It is another tool in the infrastructure
    tool kit.

    Regards,
    Hassan Karim, CISSP
