Hosting Provided By

Re: Recent Gartner IDS/IPS report

From: Andreas Hess <andi_hess(at)web.de>
Date: Thu Jun 19 2003 - 10:54:55 EDT

Hi,

I have just a short question. I can see the benefit of an IPS, namely that it is possible to prevent certain attacks. But still, an IDP is prone to false positives, in the same was as an IDS - or did I miss something?
The evaluation process whether or not an attack is taking place does not differ from what an IDS does. There are no new techniques! Certainly, it is possible to combine different analysis technologies and perhaps this also pais out but this is not said!

To my opinion it makes sense to block attacks which can be reliably identified, but what about the others?
The limiting factor is still the rate of false alarms!

Regards

Andreas

Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com

Received on Sun Jun 22 23:13:50 2003

This message: [ Message body ]
Next message: broyds(at)rogers.com: "Re: IDS is dead, etc"
Previous message: Srinivasa Rao Addepalli: "Re: Recent anti-NIDS Gartner article"
In reply to: Gary Golomb: "Recent Gartner IDS/IPS report"
Next in thread: Jeff Nathan: "Re: Recent Gartner IDS/IPS report"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:14 EDT