Joe wrote ....

> ... "infrastructure IPS".... allows the NADS to find the
> piece of network infrastructure closest to the threat
> (router, switch, firewall, etc.) and take blocking action
> there in order to quarantine the attack.

Can you point me to some info on the infrastructure examples where this would work? Sounds like a great concept but when I evaluated Lancope last year, I don't remember this feature being present at the time.

> ...However, in speaking with customers, it [IPS] is too
> costly to deploy in a scenario that can give you
> adequate network visibility or proper blocking
> capabilities inside your organization.

Just because it is costly does not mean it is not a good security solution. It just means that the solution is expensive.. but it does exist. I am fighting this battle now trying to get IPS deployed everywhere possible. My justification... I either get one security analyst per critical segment and charge him with watching 24x7x365 and responding within 10 seconds or I deploy IPS. The IPS solution is cheaper and more practical.

I too share your sentiment about IPS being sold as the "silver bullet." I wanted it to be. I tried it... and it was not. It is another tool in the infrastructure tool kit.

Regards,
Hassan Karim, CISSP
