RE: [Snort-users] Re: [Snort-devel] IDS vs IPS

From: Mark Teicher <mht3(at)earthlink.net>
Date: Sat Aug 30 2003 - 20:14:34 EDT

<mht >

At 03:15 AM 8/28/2003, Bob Walder wrote:

>One important distinction

<mht> I have not a vendor who has addressed the full definition of IPS.

>YES - the two technologies have similar aims and will undoubtedly

<mht> Tippingpoint has IDS technologies and is not a true IPS as the same of Intruvert/NAI - In fact, Intruvert started out as a IDS appliance.

>By the way - why not ask NetScreen how hard it is to integrate IPS and

<mht> Still waiting for on answer what IPS technology is alll about. For example, Okena allows an administrator lockdown on Windows, svchost, and ntkernl.dll.. Hmm, how many windows applications do you think that breaks..

>Cisco is well placed to do this job too - it has the big switches which

<mht> Same as above, Cisco Security Agent aka Okena is going to have the same issues as Tippingpoint and NAI.. Actually in fact the first eval of TippingPoint wasn't even fully done and had lots of bugs.. I just saw a recent eval from a friend of mine, and they stated the same thing, TippingPoint, great smoke and mirrors, but does not scale well with 10,000 seats

>But... It ain't easy! It will be a while before these things do

<mht> Convergence may be occuring, but I think IPS will integrate into IDS technology. IPS is just pure marketing hype. How many Centrally Managed Desktop Firewall vendors just switched their web pages over to hyping themselves as an IPS product.. ??

>Oh... And no way am I advocating that any one of these technologies can

<mht> Ultimate Firewall Toolkit will save enterprises huge amounts of money, and also save the VC's huge amounts of money.. !! I feel sorry for the VC's that have invested so much of their money into a technology that has about a 18month lifespan.. Takes the company 9 months to get something they can beta, takes them another 9 months to get it to work, and guess what some huge vendor comes out with a BIG APPLICATION that changes their world.. Anyone heard of SAP..

Products like Cenzic Hailstorm attempted to produce a product that helped vendors find Quality Assurance issues automatically. Good technology, wrong market, also vendors didn't want to pay for a tool that pointed out deficiencies in their engineers.
IPS vendors want to point out holes in IDS vendors, it is going to be issue for vendors to address or have to persuade their customers to understand.. For example, a large company that is no.1 in the Fortune 500, paid lots of money for a desktop firewall solution, and now some IPS vendor comes along, and says btw, that solution blows chunks because it is not an IPS.. I don't think that customer is going to be convinced that they wasted lots of money on a solution that just got in place.
always a dilemma with new technology. Anyone want to talk about PKI as great technology, but lousy implementation?? How about Managed Security Services ??
Boutique Consulting and why International Network Services will become No.1 again. ??
How about instead or arguing about the difference between IDS and IPS, some of the engineers on the list should plan on developing ways of making self-healing applications and networks.
Now, I would pay a dollar for that... !!

/off soap box

going back to hide underneath rock for a few more years..

>I would LOVE to have just the one box for this.... But it's just not

---

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

---

Snort-devel mailing list
Snort-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-devel Received on Tue Sep 2 08:50:36 2003