Hosting Provided By

RE: Recent Gartner IDS/IPS report

From: Avi Chesla <avic(at)V-Secure.com>
Date: Thu Jun 19 2003 - 04:06:35 EDT

Hi,

I agree with Gartner's statement, that the next generation of security products will integrate automatic prevention capabilities into their systems. This is already happening (IPS - Intrusion Prevention Systems) and my opinion is that this reflects the market's needs currently and in the future.

Why is that?

The increasing value of the Internet have raised the demands for faster security solutions and, most importantly, automatic active devices that can provide proper countermeasures to the attacks. Due to the speed and frequency of attack methods, these devices must also be able to execute defensive actions without human intervention in minimum time. The majority of Internet connected organizations do not have the necessary time or resources to properly analyze security reports, implement necessary countermeasures and execute them. If the organization's Internet infrastructure and applications aren't easily accessible or are difficult to use, the customers who expect to get fast and reliable online services will simply find another available service (usually from a competing organization).
Human decisions and actions take time and, in a world dominated by fast hardware and communication lines, some of the decisions and countermeasures will have to be done automatically by the security devices in order to avoid losing customers.

It is not clear however, what Gartner means by saying that firewalls (with more security functionalities - network and applications protections) will replace the IDS products. Intrusion analysis is an entirely different technology than the technology which is associated with current firewalls products. Integrating both technologies in the same product is possible and it seems that this is what Gartner was intending to explain, unsuccessfully.

Although it might upset some vendors, if automatic prevention is what the market wants, it is a fact that the current IDS products which are associated with an excessive amount of false positives, will not be able to provide.

Avi Chesla

Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com

Received on Thu Jun 19 10:39:02 2003

This message: [ Message body ]
Next message: Richard Ginski: "Re: Recent anti-NIDS Gartner article"
Previous message: oherrera: "RE: Recent Gartner IDS/IPS report"
Maybe in reply to: Gary Golomb: "Recent Gartner IDS/IPS report"
Next in thread: Andre Yee: "RE: Recent Gartner IDS/IPS report"
Reply: Andre Yee: "RE: Recent Gartner IDS/IPS report"
Reply: Richard Ginski: "Re: Recent anti-NIDS Gartner article"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:14 EDT

Do you need help?