> I'm not saying that an IPS does not have value, I'm saying > it should be part of an overall security strategy, not your > end all solution for detecting and preventing intrusions, > as the view that it gives even the most novice analyst is > far too narrow.
Okay Will, here we agree. An IPS must be part of a larger security strategy. It cannot stand alone. I completely agree with that. However, I maintain my position that most businesses lack the analytical capabilities to deploy resource intensive technologies (like SNORT). Hence, commercial IPS that can filter off a set of known vulnerabilities reduces the overall workload and offers a layer of protection. Also, the majority of attacks in the wild are well-known and easily detected and blocked. _____________________________________ Andrew Plato, CISSP, CISM President/Principal Consultant ANITIAN ENTERPRISE SECURITY Your Expert Partner for Security & Networking 3800 SW Cedar Hills Blvd, Suite 280 Beaverton, OR 97005 503-644-5656 Office 503-214-8069 Fax 503-201-0821 Mobile www.anitian.com _____________________________________ GPG public key available at: http://www.anitian.com/corp/keys.htm _________________________________________________ NOTICE: This email may contain confidential information, and is for the sole use of the intended recipient. If you are not the intended recipient, please reply to the message and inform the sender of the error and delete the email and any attachments from your computer. _________________________________________________ ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more. ------------------------------------------------------------------------
