On Tue, 2005-08-30 at 23:58 +0100, Seek Knowledge wrote: > IMHO comparing pure play havior detection to IPS is > like comparing apples and oranges.
Of course. IPSes are access control devices (filtering bad traffic) while IDSes are validation devices that alert when invalid/abnormal traffic is present. > but I'll take IPS wherever I can > get it thank you. If one can't afford IPS... then I > guess going the forensics only route is better than > nothing. If you can't get apple you take an orange? Remember, these are different tools. You can very well have an IPS as a filter and an IDS to verify that the filter works. It's not an either-or situation. Different tools for a different job. Cheers, Frank -- Ciscogate: Shame on Cisco. Double-Shame on ISS.
signature.asc
Description: This is a digitally signed message part
